How to create your own free computer forensics kit on a USB drive
The super-sleuth detectives in the TV show CSI have some very nifty tools to help solve crimes. But the need to keep things interesting and wrap the show up in an hour means the technology used in each episode bears little resemblance to the work of real forensic experts. Or does it? When it comes to computer forensics, today's tools are becoming more advanced, leaving fewer places to hide information. This tension between fact and fiction took on a whole new dimension when Microsoft's police-only forensic toolkit was leaked on the internet. Reports say that it has more in common with CSI than The Bill. We're going to show you how to mimic Microsoft's offering using open-source software to unlock Windows accounts, investigate suspicious activity, see any file on a Windows disk and even peruse files that others believe have been permanently deleted. Forensic toolkit: During November 2009, it was announced that someone had leaked Microsoft's secret crime-fighting software online.

Open Source Living: 10 Data Recovery Tools You Can Download For Free [Windows]. It happens to the best of us. We are working on that very important file when suddenly disaster strikes. It accidentally gets deleted or corrupted, the computer dies, or any number of unfortunate things prevent you from gaining access to the file. What's worse, you don't have a backup and are in desperate need of those important files urgently. Well, don't fret, as it is possible to recover those deleted files. When you delete a file, you don't actually 'delete' it. 1. PhotoRec is a powerful command-line recovery tool that can recover your lost data by bypassing the file system, perfect for when your computer can see the drive but cannot access it, or for use on a formatted drive. [Download here] 2. Recuva provides a number of tools and features that make recovering your data easier. [Download here] 3. There are times when your drive's file system will get damaged and you are unable to access the data within.

SIFT Kit/Workstation: Investigative Forensic Toolkit. Download SANS Investigative Forensic Toolkit (SIFT) Workstation Version 3.0. Download SIFT Workstation VMware Appliance Now - 1.5 GB. Having trouble downloading? If you are having trouble downloading the SIFT Kit please contact sift-support@sans.org and include the URL you were given, your IP address, browser type, and whether you are using a proxy of any kind. Having trouble with SIFT 3? If you are experiencing errors in SIFT 3 itself, please submit errors, bugs, and recommended updates here. How To: Download the Ubuntu 14.04 ISO file and install Ubuntu 14.04 on any system. Once installed, open a terminal and run "wget --quiet -O - | sudo bash -s -- -i -s -y". Congrats -- you now have a SIFT workstation! SIFT Workstation 3.0 Overview: "The SIFT Workstation has quickly become my 'go to' tool when conducting an exam." Key new features of SIFT 3.0 include: Installation

Large List of Free Forensic Software. While I personally have never gotten into forensics due to liability reasons, it has always been something that has interested me. Recently, one of our forum members (mm201) posted an amazing resource with a large collection of free forensics tools for Windows, Mac and Linux as well as iOS, Android and Blackberry devices. If you are already doing forensics work or simply have an interest in it, be sure to check out this site. The tools on the site are divided into the following categories: Disk tools and data capture, Email analysis, General tools, File and data analysis, Mac OS tools, Mobile devices, File viewers, Internet analysis, Registry analysis, Application analysis. If you do wish to get involved with forensics, find out what training and licensing requirements you need to have to operate in your state.

Digital Forensics Links. This is a growing list of [digital/cyber/computational] forensic related resources. I agree, some serious reorganization is required. Please send any additions, corrections and/or dead links to kulesh@cis.poly.edu. I am now at Digital Assembly. We just released an excellent photo forensics product called Adroit Photo Forensics and have been helping people recover deleted photos with Adroit Photo Recovery. Conferences: DFRWS, Aug. 7-9, 2002; CSDC Idaho, Sep. 23-25, 2002; EAFS 2003, Istanbul, Sep. 22-27, 2003. People: Vlasti Broucek, Brian Carrier, Fred Cohen, Dave Dittrich, Dan Farmer, Peter Gutmann, Chet Hosmer, Lance Spitzner, Wietse Venema. News Groups / Mailing Lists: AAFS-COMPUTER-LIST [at] lists.mitre.org; forensics [at] securityfocus.com. Papers: Not all papers are directly tied to forensics. Articles / FAQs / Talks: Data Mining for Security Applications [TeX] [PDF]; Who has machine readable information on you? Tools:

50 Open Source Tools to Make Your Life Easier. The open source community is vibrant, continually growing, and just loves to create applications and tools to make lives easier. Here are 50 of our favorite open source apps that help us do everything from managing pictures on our computer to learning about Jupiter and Mars. Chandler – An information management application for personal use or small group collaboration. Includes integrated calendaring and data organization tools, and allows backup and data sharing via web access. Tomboy – A cross-platform note-taking application packed with features such as text highlighting, font styling, inline spellchecking, and more. BasKet Note Pads – More than just a note-taking app, BasKet lets you organize and track data in several different ways, import information from other apps, and easily share your notes with others. Freemind – This free mind mapping app can easily handle maps with as many as 22,000 nodes. Task Coach – A robust todo list tracker. Xchat – An IRC chat client for Linux and Windows.

Mobile Internal Acquisition Tool: HTC Fuze Forensics. Colby Lahaie, The Senator Patrick Leahy Center for Digital Investigation. Introduction / Overview: Many people use their cell phones to do a variety of different things, from storing Word documents, using programs, playing games, using the GPS for travel, and other such things. Topics covered: retrieving contacts; retrieving call logs; retrieving images; retrieving audio and video; retrieving SMS text messages (active and deleted); accessing the file system; retrieving internet history. Purpose: The purpose of this project is to find key aspects of the HTC Fuze that would be helpful during a forensics investigation. Preliminary Tool List. Procedures: Cellebrite; Retrieving Contacts; Retrieving Call Logs; Retrieving Images

Forensic Analysis of the Windows Registry. Lih Wern Wong, School of Computer and Information Science, Edith Cowan University, lihwern@yahoo.com. Abstract: The Windows registry contains a great deal of information that is of potential evidential value or helpful in aiding forensic examiners on other aspects of forensic analysis. This paper discusses the basics of the Windows XP registry and its structure, data hiding techniques in the registry, and analysis of potential Windows XP registry entries that are of forensic value. Keywords: Windows registry, forensic analysis, data hiding. Windows 9x/ME, Windows CE and Windows NT/2000/XP/2003 store configuration data in the registry. Figure 1 shows the Windows registry logical view from Registry Editor (the Windows default registry editor). Figure 1: Windows Registry Logical View.

Mohawke's Best of the Best Free and Open Source Software Collection: Mac OS X and Windows software collection, from Dark Artistry. Sections: Windows :: Macintosh :: Internet :: Operating Systems :: Games :: Web-Sites :: OSSWIN CD. For search features you can simply use the search feature in your browser (Ctrl+F, or Apple+F in Firefox), or use the table tools. If you need these pages translated check out FoxLingo. (This page contains no ads or cookies, but does require a JavaScript-enabled browser for sorting.) Access

Computer Forensics Book | PDF Free. Digital Evidence and Computer Forensics - University of; Title: Microsoft PowerPoint - Digital Evidence Locations and Computer Forensics - Judges Conference Apr 2-3 2012 [Read-Only]; Author: cherry; Created Date. Incident Response & Computer Forensics / Prosise: Chapter 2, Introduction to the Incident Response Process, 11 (Hacking / Incident Response & Computer Forensics / Prosise & Mandia / 222696-X / Chapter 2). Ryan R. Kubasiak, Investigator - New York State Police: Macintosh Forensics, a guide for the forensically sound examination of a Macintosh computer. Digital Evidence and Computer Crime - Elsevier Store; related titles by Eoghan Casey: Handbook of Digital Forensics and Investigation, edited by Eoghan Casey

Windows Systems and Artifacts in Digital Forensics, Part I: Registry. Introduction: Learning about artifacts in Windows is crucial for digital forensics examiners, as Windows accounts for most of the traffic in the world (91.8% of traffic comes from computers using Windows as their operating system as of 2013), so examiners will most likely encounter Windows and will have to collect evidence from it in almost all cyber-crime cases. Below, we will discuss several places from which evidence may be gathered and ways to collect information from Windows. Windows actually provides a great abundance of artifacts, and being aware of these artifacts is helpful not only for examiners but also for companies and individuals (to name a few) trying to permanently and irrevocably erase sensitive information or perform informal investigations. Registry: What is the Windows registry and what is its structure? The Windows registry is an invaluable source of forensic artifacts for all examiners and analysts.

The Top 50 Proprietary Programs that Drive You Crazy — and Their Open Source Alternatives | WHdb. Update January 22, 2013: This article was originally posted February 7, 2008. Since then, it has been one of our most popular articles here at WHdb.com. In light of this, we have decided to give this article an update for 2013: we cleaned out some obsolete links and added a New for 2013 section. Enjoy! Not every proprietary program can drive a person crazy, right? The following fifty sixty proprietary programs are listed in no particular order within broad categories, along with their open source alternatives. Jump to: Operating Systems & Web Browsers | Office Suites | Office Tools | Productivity | Graphic Programs | Web Editors | Desktop Publishing | Communications | Media | Utilities | Security | Financial | New for 2013. Operating Systems & Web Browsers: Windows 10 to Ubuntu. This is Microsoft's operating system (OS), and even Microsoft fans have become disillusioned with this product. Office Suites