Open Source applied to Computer Forensics



Similar documents
Embedded Linux development training 4 days session

EVault Software. Course 361 Protecting Linux and UNIX with EVault

How To Back Up A Computer To A Backup On A Hard Drive On A Microsoft Macbook (Or Ipad) With A Backup From A Flash Drive To A Flash Memory (Or A Flash) On A Flash (Or Macbook) On

EVault for Data Protection Manager. Course 361 Protecting Linux and UNIX with EVault

One Solution for Real-Time Data protection, Disaster Recovery & Migration

How To Use A Recoverypoint Server Appliance For A Disaster Recovery

1. System Requirements

Live System Forensics

Linux Development Environment Description Based on VirtualBox Structure

How to Restore a Linux Server Using Bare Metal Restore

My OwnCloud Project. by Simon Heisterkamp

Home storage and backup options. Chris Moates Head of Lettuce

Using iscsi with BackupAssist. User Guide

Hands-On How-To Computer Forensics Training

StarWind iscsi SAN Software: Using with Citrix XenServer

OS Installation Guide Red Hat Linux 9.0

An Open Source Wide-Area Distributed File System. Jeffrey Eric Altman jaltman *at* secure-endpoints *dot* com

NEXTGEN v5.8 HARDWARE VERIFICATION GUIDE CLIENT HOSTED OR THIRD PARTY SERVERS

Veeam Cloud Connect. Version 8.0. Administrator Guide

Digital Forensics Tutorials Acquiring an Image with FTK Imager

User Guide. Laplink Software, Inc. Laplink DiskImage 7 Professional. User Guide. UG-DiskImagePro-EN-7 (REV. 5/2013)

Parallels Plesk Automation

Acronis Backup & Recovery 10 Server for Linux. Update 5. Installation Guide

Self Service Penetration Testing

2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd.

STORAGE AS. A SERVICE (STaaS) ELASTIC CLOUD STORAGE. global.de/cloud-storage MADE IN GERMANY

Desktop Linux Distribution. { Showdown } Jeff Osier-Mixon

Cisco Small Business NSS3000 Series Network Storage System

ICANWK401A Install and manage a server

Kaspersky Anti-Virus 8.0 for Linux File Server Installation Guide

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

9/26/2011. What is Virtualization? What are the different types of virtualization.

PARALLELS SERVER 4 BARE METAL README

AVLOR SERVER CLOUD RECOVERY

G-Cloud 6 brightsolid Secure Cloud Servers. Service Definition Document

Brian LaGoe, Systems Administrator Benjamin Jellema, Systems Administrator Eastern Michigan University

SOP Common service PC File Server

Acronis Backup & Recovery 10 Server for Linux. Installation Guide

How to Backup and Restore a VM using Veeam

StarWind iscsi SAN Software: Using StarWind with VMware ESX Server

Kaspersky Endpoint Security 8 for Linux INSTALLATION GUIDE

Unit 10 : An Introduction to Linux OS

Preparing a SQL Server for EmpowerID installation

Designing Database Solutions for Microsoft SQL Server 2012 MOC 20465

Windows Active Directory. DNS, Kerberos and LDAP T h u r s d a y, J a n u a r y 2 7, 2011 INLS 576 Spring 2011

Cisco Small Business NSS2000 Series Network Storage System

For Hyper-V Edition Practical Operation Seminar. 4th Edition

IMPLEMENTING GREEN IT

How Drive Encryption Works

LDA, the new family of Lortu Data Appliances

Quick Start Guide. Version R91. English

What s New with VMware Virtual Infrastructure

Voice Over IP: Security & QOS Test Lab

Net/FSE Installation Guide v1.0.1, 1/21/2008

Archive Data Retention & Compliance. Solutions Integrated Storage Appliances. Management Optimized Storage & Migration

Cisco Small Business NSS3000 Series Network Storage System

ThinLinX TLXOS NUC / Compute Stick / RePC Installation Guide Creating the Installer (Step 1)

Acronis Backup & Recovery for Mac. Acronis Backup & Recovery & Acronis ExtremeZ-IP REFERENCE ARCHITECTURE

Kevin Cardwell. Toolkits: All-in-One Approach to Security

USB to IDE SATA Standalone Hard Drive Duplicator Dock StarTech ID: UNIDUPDOCK

Virtualization. Michael Tsai 2015/06/08

15 AFS File Sharing. Client/Server Computing. Distributed File Systems

DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević,

Hardware and Software Requirements for Installing California.pro

M710 - Max 960 Drive, 8Gb/16Gb FC, Max 48 ports, Max 192GB Cache Memory

Digital Forensics Tutorials Acquiring an Image with Kali dcfldd

Computer Forensic Tools. Stefan Hager

ECT362 Installing Linux Virtual Machine in KL322

LBNC and IBM Corporation Document: LBNC-Install.doc Date: Path: D:\Doc\EPFL\LNBC\LBNC-Install.doc Version: V1.0

How Endpoint Encryption Works

Prepared for: How to Become Cloud Backup Provider

Table of Contents. Online backup Manager User s Guide

Keystone 600N5 SERVER and STAND-ALONE INSTALLATION INSTRUCTIONS

Design Document for Implementing a Digital Forensics Laboratory

StACC: St Andrews Cloud Computing Co laboratory. A Performance Comparison of Clouds. Amazon EC2 and Ubuntu Enterprise Cloud

Selling Virtual Private Servers. A guide to positioning and selling VPS to your customers with Heart Internet

IBM EXAM - C IBM Security QRadar SIEM V7.1 Implementation.

Acronis True Image 2015 REVIEWERS GUIDE

What is Digital Forensics?

Securing Data on Microsoft SQL Server 2012

Introduction to Computing Facilities

Freshservice Discovery Probe User Guide

HP Client Automation Standard Fast Track guide

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC

Parallels Cloud Server 6.0 Readme

Follow this procedure to upgrade your Agility ipath v3.3 hardware to a new 4.0 system.

Overview of Computer Forensics

1. Scope of Service. 1.1 About Boxcryptor Classic

Transcription:

Open Source applied to Computer Forensics Presentation by Mr. Andrea Ghirardini United Nations Interregional Crime and Justice Research Institute (UNICRI) ITU Regional Cybersecurity Forum for Europe and the Commonwealth of Independent States (CIS) Sofia, Bulgaria 9 October 2008

Open Source: Why? Open Source should be used in Computer Forensics for many different reasons: In the back-office it s useful to build an enterprise level lab with a very low investment. You may use many interesting technologies which are far better than commercial ones (AFS, for example) The above helps emerging countries and States with a low dedicated budget When you need to perform analysis you find that open source software is often updated faster than others GNU/Linux is the best Computer Forensics environment in the world, without any doubt

Open Source in the Back-office I A Computer Forensics Lab has many different needs: You need HUGE storage (our lab has > 40 TB), but you don t want to spend everything in SAN/NAS/whatever You need to keep data secure but you need to give local root (or Administrator) password to every single computer forensics expert You need to work with many different platforms

Open Source in the Back-office II These needs don t coexist very well We had many troubles trying to work with these problems We tried many technologies: - NFS - SMB - NFS v.4 - Coda

Open Source in the Back-office III OpenAFS solved all the troubles at once! It has: Strong Authentication (Kerberos V) Client and server for more than 20 different platforms Replication Surpass the concept of file server (cell) Backup Strong encryption Central management Works well also with low band

Open Source in the Back-office IV With OpenAFS we work with cheap hardware and we are able to scale up without a single problem At the present we have: 1 Cell (lab.atpss.net) 10 File Servers > 40 Tb of data 1 Site

Open Source in the Back-office V In a very near future we ll able to scale up to : 3 Sites (1 Research Lab and 2 operating ones) 1 Cell > 100 Tb > 20 File Server Everything without changing actual systems but simply adding new components to the system

Linux as Computer Forensics OS I GNU/Linux is unique operating system Yes, there are many other open source operating systems but only GNU/Linux has: Support for more than 18 types of partition schemes Support for more than 40 file systems GNU/Linux is also useful because it s: Reliable Affordable Very good hardware support And, last but not least... it does what you are asking for (no wizards, helpers, whatsoever)

Linux as Computer Forensics OS II You have also many other interesting technologies: Loop devices Software RAID Wine Bond devices Libpcap

Linux as Computer Forensics OS III On the top of GNU/Linux and its features you ll find a world of computer forensics programs to perform (for example): Bitstream copy Hash validation Analysis Network Forensics Reverse engineering RAM Dumping... many others...

Linux as Computer Forensics OS IV Are you scared about all these things? Don t worry there are Computer Forensics Distributions! Helix Knoppix: recently updated (no more than 2 weeks ago), it s one of the best computer forensics distro in the world. It s a Live CD useful both to copy and inspect computer systems DEFT: A true Italian job by Stefano Fratepietro and Andrea Ghirardini. Ubuntu based (like the new Helix), it s a Linux Live CD with everything you need to perform forensics analysis DEEEFT: A SD-CARD distribution (by Andrea Ghirardini). With DEEEFT you can turn an eeepc in a compact forensics machine. A little lab in 1.1 Kg!

Open Source in Analysis There is also profound reasons to use Open Source Software for forensics analysis: Availability: Software is always on the net you can find also a obsolete version years later Open Format: Open source means open formats. You always convert an open source file format in an other one... (Try to read a very old.doc file if you can...) Double check: The oppose side can check every step of your analysis if you use (and produce) open source software. This is not true if you need a many-thousanddollar software... Transparency: Commercial software is a black box. Open source software can be checked without any problem

That s all! Any questions?

Do you want to contact me? E-Mail andrea@atpss.net Mobile: +39 392 1101101 Office: +39 011 3272100

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information