Forensics

CAINE LiveUSB guide http://www.caine-live.net/page13/page13.html

CAINE LiveUSB

Download FCCU GNU/Linux Forensic Boot CD 12.1 for Linux - FCCU GNU/Linux Forensic Bootable CD is a bootable CD based on KNOPPIX

FCCU GNU/Linux Forensic Bootable CD is a bootable CD based on KNOPPIX that contains a large set of tools suitable for computer forensic investigations, including bash scripts. http://linux.softpedia.com/get/System/Operating-Systems/Linux-Distributions/FCCU-GNU-Linux-Forensic-Boot-CD-3113.shtml
http://grandstreamdreams.blogspot.com/2010/01/forensic-memory-capture-roundup.html

Forensic Memory Capture roundup

Due to the recent rounds of troubleshooting, the posts lately haven’t been the meaty material I’ve been setting aside. I’ve got a massive “new & improved” round-up linkfest bursting at the seams.

Security Ripcord » Blog Archive » Memory Tools Perform Differently

http://www.cutawaysecurity.com/blog/archives/523 Although analyzing information provided in a system’s memory is not a new trick, the tools that help us automate these tasks are still new. The three products that I am currently using to help me with memory analysis are Volatility (Vol), Mandiant’s Audit Viewer (MAV), HBGary’s Responder Field Edition (RFE). These tools are very helpful and provide a wealth of system information that can help an analyst understand what is happening on a system without using tools that could be circumvented through techniques such as kernel hooking.
http://www.debuntu.org/how-to-create-a-mysql-database-and-set-privileges-to-a-user/

To create a MySQL database and set privileges to a user

MySQL is a widely used SQL database management system, mainly found in LAMP (Linux/Apache/MySQL/PHP) projects. Before an application can use a database, three things have to be done: create the new database, create a database user that is allowed to connect to the database server, and finally grant that user the rights it needs on that specific database. This tutorial explains how to create a new database and give a user the appropriate grant permissions.
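The three steps above, written out as an added example (this is not the debuntu tutorial's own listing). The database name `app_db`, the account `app_user` and the password are placeholders, and the statements assume a MySQL 5.7 or later server with an administrative session already open. It also shows the least-privilege variant a security reviewer would ask for instead of `ALL PRIVILEGES`:

```sql
-- 1. Create the database (names here are placeholders).
CREATE DATABASE IF NOT EXISTS app_db
  CHARACTER SET utf8mb4
  COLLATE utf8mb4_unicode_ci;

-- 2. Create a dedicated account for it. The host part matters:
--    'localhost' only accepts local connections; '%' would accept any host.
--    Replace the placeholder with a long random password before running this.
CREATE USER IF NOT EXISTS 'app_user'@'localhost'
  IDENTIFIED BY 'replace-with-a-long-random-password';

-- 3a. What the tutorial describes: all rights, but scoped to this one schema.
--     Nothing is granted on other schemas, on mysql.*, or globally
--     (no FILE, SUPER, PROCESS, or GRANT OPTION).
GRANT ALL PRIVILEGES ON app_db.* TO 'app_user'@'localhost';

-- 3b. Tighter alternative for the account an application actually runs as:
--     row access only, no DDL, so a SQL injection in the app cannot
--     drop tables or alter the schema. Use this instead of 3a when you can.
-- GRANT SELECT, INSERT, UPDATE, DELETE ON app_db.* TO 'app_user'@'localhost';

-- Verify what the account ended up with before handing it over.
SHOW GRANTS FOR 'app_user'@'localhost';
```

`CREATE USER` and `GRANT` update the in-memory grant tables directly, so `FLUSH PRIVILEGES` is only required when the `mysql.*` tables were edited by hand; it is harmless but unnecessary here. If the application is deployed by a separate migration job, give that job a second account with the DDL rights and keep the runtime account on the 3b grant.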
The physical memory of computers can be imaged and analyzed using a variety of tools. http://www.forensicswiki.org/wiki/Tools:Memory_Imaging#Windows_Software

Tools:Memory Imaging - Forensics Wiki

http://computer.forensikblog.de/en/2009/02/first-2009-conference.html

Side notes: "FIRST 2009 Conference" - Computer Forensic Blog

The Forum of Incident Response and Security Teams (FIRST) is going to hold its annual conference from June 28 to July 3, 2009 in Kyoto, Japan. Registration is now open to the interested public.
http://computer.forensikblog.de/en/2008/11/ptfinder-for-windows-vista.html Several people requested an update of PTFinder for the Microsoft Windows Vista platform. The changes to support kernel version 6.0.6000.16386 were not trivial. I've added a BETA version to the PTFinder Collection.

Memory analysis: "PTFinder for Windows Vista" - Computer Forensic Blog

http://windowsir.blogspot.com/2009/01/memory-collection-and-analysis-tools.html

Memory Collection and Analysis Tools

Recently, there was a post on the SANS Forensics blog about memory collection and analysis tools , but for some reason, it seems that folks are STILL having trouble with this process; I'm seeing posts in forums (forii??)
Non-profit organizations that are performing public domain research can use the service at 30 cents (USD $0.30) per timestamp. DigiStamp's founders are scientists themselves. Volume users of the service

Time stamp service prices

Trusted timestamping is the process of securely keeping track of the creation and modification time of a document.

Trusted timestamping

The College of Southern Maryland forensics team is presented with the Annual Digital Forensics Competition first place award by Johns Hopkins University Director of Technology Programs John Baker, Sr., far right.

CSM IT Team Wins Digital Forensics Competition - Southern Maryland News, Charles County, Calvert County and St. Mary's County News

REMnux: A Linux Distribution for Reverse-Engineering Malware

REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.

Recreating vmdk descriptor files for a

Ok, I have accidentally deleted one of my VMDK files, but I am left with my flat.VMDK file.