[OPLINTECH] FWIW Autopsy and The Sleuth Kit, Open source digital forensic tools
Bob Neeper
neeperro at oplin.org
Thu Oct 10 10:57:39 EDT 2013
Saw this: National Computer Forensics Institute: Demystifying Cybercrime at:
http://www.techrepublic.com/blog/it-security/national-computer-forensics-institute-demystifying-cybercrime/
Which showed a link, 'Forensic Recovery Device' to a pdf, which mentioned Sleuth
Kit and FTK Imager.
So googled and found: http://www.sleuthkit.org/ about Autopsy and The Sleuth
Kit running on Windows, Linux, etc.
Open source digital forensic tools to analyze disk images and perform in-depth
analysis of various file systems and several volume system types.
Sounded interesting so installed Autopsy on an XP PC.
(It's a graphical interface to The Sleuth Kit and other investigation tools)
Used it to look at the PC's drive's software and it had a lot of info.
Turns out the PC should have been better (faster, more RAM, etc.) but good
enough for a test.
For real forensic work it looks as if it's best to use a 'Write Blocker' (keeps
drive intact) then make an image.
Use Autopsy on the image.
'General Information' tab at this link, shows what can be done.
http://www.sleuthkit.org/autopsy/help/index.html
There is also Autopsy 3 WinFE, a live boot environment to examine a suspect
computer in a forensically sound way.
Image from the Autopsy WIKI.
Enjoy, Bob
--
R. W. (Bob) Neeper
Community Library <http://sunbury.cool-cat.org>
44 Burrer Dr. (Map <http://maps.google.com/maps?q=40.243961,+-82.863007>)
Sunbury, Oh 43074
Tel: (740)-965-3901
cool-cat.org <http://info.cool-cat.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ghdcjfeh.png
Type: image/png
Size: 189588 bytes
Desc: not available
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20131010/073162cc/attachment-0001.png>