Metasploit Project.

The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

History

Like comparable commercial products such as Immunity's Canvas or Core Security Technologies' Core Impact, Metasploit can be used to test the vulnerability of computer systems or to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Since the acquisition of the Metasploit Framework, Rapid7 has added two open-core proprietary editions called Metasploit Express and Metasploit Pro.

The basic steps for exploiting a system using the Framework include:

This modular approach, allowing the combination of any exploit with any payload, is the major advantage of the Framework.
Metasploit runs on Unix (including Linux and Mac OS X) and on Windows. Several interfaces for Metasploit are available, including Armitage.

BackTrack.

History

The BackTrack distribution originated from the merger of two formerly competing distributions which focused on penetration testing:

WHAX: a Slax-based Linux distribution developed by Mati Aharoni, a security consultant.
Earlier versions of WHAX were called Whoppix[6] and were based on Knoppix.

Auditor Security Collection: a Live CD based on Knoppix, developed by Max Moser, which included over 300 tools organized in a user-friendly hierarchy.

The overlap between Auditor and WHAX in purpose and in their collection of tools partly led to the merger.

Tools

BackTrack provided users with easy access to a comprehensive and large collection of security-related tools, ranging from port scanners to security audit tools. BackTrack included many well-known security tools. BackTrack arranged tools into 12 categories.

Releases

As soon as newer versions of BackTrack are released, older versions lose their support and service from the BackTrack development team.
Computer forensics tool reveals past online activity. Posted on 09 September 2011.

A group of researchers from Stanford University in California and EADS Defence & Security has recently presented a new, open source tool for the forensic analysis of Windows machines. This tool is able to extract many types of information from used disks, including information on where the computer was connected, which online services were accessed and which online identities were used by the user.
The advent of the cloud, and the fact that many users nowadays store their data in it, have made the criminal forensic specialists' job more difficult. They can discover what's on the disk, but what if critical information was stored in the cloud, or happens to be on social networks or other online services? How can they match suspects to online identities, or see what they were up to online? So, they developed OWADE (Offline Windows Analysis and Data Extraction).

UBCD for Windows.

Secrets and Lies by Bruce Schneier.

Secrets and Lies: Digital Security in a Networked World. Bruce Schneier. John Wiley & Sons, 2000, 432 pages. Hardcover: ISBN 0-471-25311-1, $29.95. Paperback: ISBN 0-471-45380-3, $17.95.

Secrets and Lies won a Productivity Award in the 13th Annual Software Development Magazine Product Excellence Awards.
Information security expert Bruce Schneier explains what everyone in business needs to know about security in order to survive and be competitive. There are no quick fixes for digital security.

Articles | Forensic Magazine.

"Evil Maid" Attacks on Encrypted Hard Drives.

Earlier this month, Joanna Rutkowska implemented the "evil maid" attack against TrueCrypt.
The same kind of attack should work against any whole-disk encryption, including PGP Disk and BitLocker. Basically, the attack works like this:

Step 1: The attacker gains access to your shut-down computer and boots it from a separate volume. The attacker writes a hacked bootloader onto your system, then shuts it down.

Step 2: You boot your computer using the attacker's hacked bootloader, entering your encryption key.
You can see why it's called the "evil maid" attack; a likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. This attack exploits the same basic vulnerability as the "Cold Boot" attack from last year and the "Stoned Boot" attack from earlier this year, and there's no real defense to this sort of thing. PGP sums it up in their blog.

Penguinsleuth.org - Home.

Hacker Factor: Home Page.

Forensic Acquisition Utilities.
Forensic Acquisition Utilities. Copyright © 2002-2014 George M. Garner Jr. <gmgarner (at) gmgsystemsinc (dot) com>. Revised September 14, 2014.

Project purpose and components: This is a collection of utilities and libraries intended for forensic or forensic-related investigative use in a modern Microsoft Windows environment.

What's new in this release?

September 14, 2014: On August 30, 2013, GMG Systems, Inc. released FAU-1.4.0.2464 for evaluation and testing.
August 30, 2013: Volume_dump and DD now recognize drives with BusTypeSata as devices supporting the ATA feature set. Dd.exe -v if=\\. FAU-1.4.0.2464 is released for evaluation and testing and may be downloaded from

August 4, 2009:

July 31, 2009: FAU-1.3.0.2390 is released for evaluation and testing and may be downloaded from

September 19, 2008:

Helix - A Linux forensics corkscrew. Updated: February 24, 2009.

Helix is a live Linux CD carefully tailored for incident response, system investigation and analysis, data recovery, and security auditing. It is geared toward experienced users and system administrators working in small-to-medium, mixed environments where the threats of data loss and security breaches are high. The most recent version is based on Ubuntu, promising stability and ease of use. Helix has two modes: a pure Linux bootable live CD, and a Windows mode in which it can be used in vivo on top of a running Windows desktop. Helix is available for download by email registration.
We tested version 3 here. Now, let's see what Helix can offer us.

Linux mode

As said, Helix comes as a live CD, allowing you to use it on a "suspect" machine with its native operating system dormant. The latest version of Helix is based on Ubuntu (it used to be Knoppix, in the past), so the minimalistic yet fully functional Gnome desktop comes as no surprise.

Microsoft COFEE law enforcement tool leaks all over the Internet~!

It was one of the most sought-after applications on the Internet until it was leaked earlier today.
And now that it's out there—and it is all over the place, easily findable by anyone able to use a search engine—we can all move on with our lives. Yes, Microsoft COFEE, the law enforcement tool that mystified so many of us (including Gizmodo~! And Ars Technica~!), is now available to download. I'm not mentioning any names, nor will there be any screenshots, but the resourceful among you will be able to find the application.
With COFEE, law enforcement agencies without on-the-scene computer forensics capabilities can now more easily, reliably, and cost-effectively collect volatile live evidence. To reiterate: you have absolutely no use for the program. Given that, what makes COFEE so mysterious, so special? So that's that then; Microsoft COFEE is out there.

DECAF.

Detect and Eliminate Computer Acquired Forensics (DECAF) is a counter-intelligence tool specifically created to obstruct the well-known Microsoft product COFEE, used by law enforcement around the world.[1] However, the tool does not prevent access by other, more advanced computer forensics tools, so computers protected with DECAF can still be examined by non-COFEE tools.
On December 18, 2009, the authors remotely disabled the software, with the aim of convincing security professionals to "band together" to offer better support to government entities.[2] The tool was patched and re-enabled by a group called SOLDIERX on December 23, 2009.[3][4]

DECAF provides real-time monitoring for COFEE signatures on USB devices and in running applications.[2] When a COFEE signature is detected, DECAF performs a number of user-defined actions. These may include clearing COFEE logs, ejecting USB devices, and contaminating or spoofing MAC addresses.[5]
Freeze Memory Chips, Steal Encrypted Data.

According to an article published by the New York Times, Princeton University researchers have come out with a method to steal encrypted information stored on computer hard disks. The trick is pretty simple according to them, but certainly not for us. It involves freezing the DRAM (Dynamic Random Access Memory) chips.
This is done to exploit a little-known vulnerability of DRAM chips. These chips temporarily hold data, including the keys to modern data-scrambling algorithms. When the computer's electrical power is shut off, the data, including the keys, is supposed to disappear. Hence, if the chips are frozen using an inexpensive can of air, the data is retained as well, and the key can be recovered from the long string of exposed binary data.

Nessus (software).

Nessus is a proprietary, comprehensive vulnerability scanner developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment. According to surveys done by sectools.org, Nessus is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools surveys.[2] Tenable Network Security estimates that it is used by over 75,000 organizations worldwide.[3]

Nessus allows scans for the following types of vulnerabilities:

Tenable Network Security produces several dozen new vulnerability checks (called plugins) each week, usually on a daily basis.
Optionally, the results of the scan can be reported in various formats, such as plain text, XML, HTML and LaTeX. Nessus provides additional functionality beyond testing for known network vulnerabilities.

Computer Online Forensic Evidence Extractor.

Computer Online Forensic Evidence Extractor (COFEE) is a toolkit, developed by Microsoft, to help computer forensic investigators extract evidence from a Windows computer. Installed on a USB flash drive or other external disk drive, it acts as an automated forensic tool during a live analysis. Microsoft provides COFEE devices and online technical support free to law enforcement agencies.

Development and distribution

COFEE was developed by Anthony Fung, a former Hong Kong police officer who now works as a senior investigator on Microsoft's Internet Safety Enforcement Team.[1] Fung conceived the device following discussions he had at a 2006 law enforcement technology conference sponsored by Microsoft.[2] The device is used by more than 2,000 officers in at least 15 countries.[3] A case cited by Microsoft in April 2008 credits COFEE as being crucial in a New Zealand investigation into the trafficking of child pornography, producing evidence that led to an arrest.[1]