Live CDs

CAINE

DEFT

The F.I.R.E. Boot CD

https://www.blackhat.com/presentations/bh-usa-03/bh-us-03-willis-c/bh-us-03-willis.pdf

Getting Started with F.I.R.E.

  • Boot to F.I.R.E.
  • F.I.R.E. can boot in X-Windows or console mode
  • I prefer console (boot option 1) because there is less going on with the system
  • When booting to console mode, a menu is displayed
  • Change to another VT (Ctrl-Alt-F2) and type everything on the command line
  • Log in as root - the root password is “firefire”

Scalpel

dcfldd

$ sudo apt-get install dcfldd

dcfldd is a forensic variant of dd that can hash the data on the fly while it copies. Example: wipe a drive with:

$ dcfldd if=/dev/zero of=/dev/hda bs=8k conv=noerror,sync

Hard disks

Disk carving

foremost

$ sudo apt-get install foremost

It can run on a disk image or on a loopback device:

$ foremost -o loopa3_fm -v /dev/loopa3

It can also be run on the unallocated space (.dls file) extracted by Autopsy.
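The header/footer carving that foremost and scalpel perform, shown as an added illustration (not code from foremost or from this page); the JPEG/PNG signatures are the real ones, while the maximum sizes and the sample "image" are constructed for the demo:

```python
# Minimal header/footer file carver in the style of foremost/scalpel.
# Added example (not foremost's own code): scans a raw image for known
# signatures and carves header..footer, or header..max size when no footer
# is found, without consulting any file system metadata.
from dataclasses import dataclass

# Signatures (header, footer, max size): headers/footers are the real ones,
# max sizes are assumptions sized for the constructed image below.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 64),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 64),
}

@dataclass
class Carved:
    kind: str
    offset: int
    data: bytes
    complete: bool  # False when carved up to max size with no footer found

def carve(image: bytes) -> list:
    """Return every file carved from `image`, ordered by offset."""
    found = []
    for kind, (header, footer, max_size) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            window = image[pos:pos + max_size]
            end = window.find(footer, len(header))
            if end == -1:
                # No footer inside the window: foremost-style truncated carve.
                found.append(Carved(kind, pos, window, False))
                pos = image.find(header, pos + len(header))
            else:
                end += len(footer)
                found.append(Carved(kind, pos, window[:end], True))
                pos = image.find(header, pos + end)
    return sorted(found, key=lambda c: c.offset)

# Constructed sample "image": two intact files surrounded by junk, plus a
# JPEG header whose footer was overwritten (a partially reused block).
SAMPLE_IMAGE = (
    b"junk" * 4
    + b"\xff\xd8\xff\xe0JFIF-payload\xff\xd9"
    + b"\x00" * 8
    + b"\x89PNG\r\n\x1a\nIHDR-chunk-data-IEND\xaeB`\x82"
    + b"free space " * 2
    + b"\xff\xd8\xff\xe1orphan-header-no-footer"
)

if __name__ == "__main__":
    for c in carve(SAMPLE_IMAGE): print(c.kind, c.offset, len(c.data), c.complete)
```

Running it reports the JPEG at offset 16 and the PNG at offset 42 as complete, and the orphan JPEG header at offset 96 as a truncated carve (complete=False), which is exactly the kind of output a practitioner has to triage after a foremost run.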

Pattern search

NSRL: National Software Reference Library

Strings

http://linux.about.com/library/cmd/blcmdl1_strings.htm

grep

See grep

Sleuth Kit

Sleuth Kit. To install:

$ sudo apt-get install sleuthkit

  • www.sleuthkit.org

Autopsy

See Autopsy

Other tools

  • MD5deep (md5deep.sourceforge.net) - recursive MD5 hashing
  • Fatback (sourceforge.net/projects/biatchux) - file uneraser for FAT file systems
  • Stegdetect (www.outguess.org) - will detect some kinds of steganography in images. See Steganography
  • Galleta (www.openforensics.org) - IE cookie parser
  • Pasco (www.openforensics.org) - IE activity parser
  • Rifiuti (www.openforensics.org) - Recycle Bin INFO2 file parser
  • LibPST (sourceforge.net/projects/ol2mbox) - converts Outlook and Outlook Express files to Linux mbox format

Other information sources

  • Information about the National Software Reference Library (NSRL) - www.nsrl.nist.gov
  • Tools, forums, mailing lists - www.openforensics.org
  • Penguin Sleuth CD, forums, and information - www.linux-forensics.com
  • Tools and information - www.opensourceforensics.org
  • The Coroner's Toolkit - www.porcupine.org/forensics/tct.html
  • Honeynet Project Scans of the Month (www.honeynet.org/scans/): #15, #24, and #26 deal with forensics
  • SleuthKit/Autopsy information, mailing list, and download - www.sleuthkit.org
  • Case studies of Honeynet Scans - www.sleuthkit.org/case/index.php
  • Great newsletter - www.sleuthkit.org/informer/index.php
  • Linux Forensic User Group - groups.yahoo.com/group/linux_forensics/

See also

External links