Hello again, Just a little update on my current research and direction of the New Penguin Sleuth Kit.....I have been experimenting with several live cd ...
... Thanks for the update Ernie. Although not said often enough, work done by people such as yourself is appreciated and beneficial to many. Thank you, ...
Hi, I am relatively new to forensics and even newer to linux and live response. I like the look of penguin but have I missed something somewhere... I read the...
I recently had a case where I had to obtain the Safari browsing and download history from a MacOSX system. There are several methods to extract the data from...
jake@...
Jan 8, 2007 12:26 am
2413
jake- just curious...does this convert the new binary version of the plist files? or does the plist file have to be converted from the binary to the XML ...
Hi, safari_hist parses the binary History.plist file. The History.plist file doesn't need to be converted to XML first. I checked out the BHV tool referenced...
jake@...
Jan 8, 2007 2:43 pm
2415
Jake- That is very cool! Previously I had to convert the binary. Great work thanks! ... -- Ave caesar! Morituri te salutamus...
Ernie, I am the creator of the Portable Linux Auditing CD (PLAC), one of the first linux bootable cdrom toolkits. I too have had thoughts on re-creating the...
Hello again, I wanted to clarify a few things. It seems that after my last few posts several people ran to my website and either downloaded the PSK virtual...
Greetings everyone, I would like your help in creating a poll based on current salary ranges for computer forensic professionals. As many of you know, finding...
How about using puppylinux (http://www.puppylinux.com) as a base for the build. It's small, fast, runs completely in ram (typically) and allows you to package...
I looked at the puppy Linux page.....It is pretty much a slax derivative or very close which I was looking into at the beginning of my search. SLAX is a neat...
I am working a case where handheld Global Positioning Systems (GPS) were used by criminals to plot their targets and plan their criminal activities. (See: ...
CCU-ZA
ccu@...
Jan 23, 2007 8:19 am
2422
... Did you read the user manual for this product? If not, it might be helpful. According to the manual; "Deleting an item from the Recent Finds list only...
There are many tools for recovering data from damaged CDs with Windows, but I don't know of any that can return the raw data (even in the case of ECC failure)...
The Atlanta Chapter of the High Technology Crime Investigation Association (HTCIA), in partnership with the CyberCrime Institute (CCI) at Kennesaw State...
I have moved recently from an area that was using some of the "standard" tool sets, FTK, EnCase etc. Now I'm in an environment that requires the use of open...
... Just out of sheer curiosity, what is it about your new environment that requires you to use open source tools? Don't get me wrong, I'm an advocate of open...
ron@...
Feb 27, 2007 2:49 pm
2433
For browser cache you can use Mandiant's tool: WebHistorian. It's free at this time and does a decent job. It's not the most straight forward but as long as...
I'll give it a go, thanks. ...
Extract does a good job with ms metadata. If you are using debian it is apt-getable. ... -- There is no reason for any individual to have a computer in his...
... bash scripting is handy. I use this onliner format all the time: file * | grep -i jpeg | cut -f 1 -d ':' | while read i; do mv "$i" jpegs; done i.e. type...
... Scott, Current version of THE FARMER'S BOOT CD has a simple GUI for pulling browser cache info from Opera, Firefox, and IE. Web page has screen shots and...
Dear All, My sincere apologies if this is not a relevant posting in this mailing list. http://f0rensics.blogspot.com is a blog that gives questions like bits...
Hi, I am somewhat new to bash scripting so please forgive me if this is a bit basic for this list! Anyway, I have an enormous pile of "zip" discs to image so...
That didn't quite come out like I wanted (of= twice, and forgot to incorporate your unmount) Try this: #!/bin/bash declare -i zipdisknum=1 anotherzip="" until...
From a logic perspective, it's worth noting that there is no reason to mount these drives whilst imaging them. Also if it were me, I'd hash them before the...
... Will this do what you want? #!/bin/bash declare -i zipdisknum=1 anotherzip="" until [ "$anotherzip" = "Exit" ] do mount -o ro,noexec /dev/sda /mnt/zip #//...
Jacques/Jeff
> Although I don't mount when I image
> I don't either for hard drives, not sure why I thought I should for
these - very good point - duly...