Saturday, July 25, 2009

Forensic Post JuMblE Linkfest

Really no rhyme or reason to this mad-hatter collection of forensics links.

Stuff I’ve picked up over the past month mostly for reference purposes.  Probably nothing here for most folks but maybe you will find something of interest.

  • Julie Amero case featured in new forensic book – Sunbelt Blog – Really fascinating cross link to PDF file.  Reading the (lack-of) technical knowledge or legitimate forensic evidence/methodology was stunning…as was the impact.  A must-read for any incident responder.  I’m no forensic expert but if I was on the jury I would have been climbing the walls with discomfort.  Great reading.
  • Hard Drive Errors and Replacements – SANS Computer Forensics, Investigation, and Response blog.  Ever wonder what it would take to pull the platters out of a drive and drop them into another hard-drive chassis?  Now you know!
  • Opensource forensic tools – When A Dumb Boy Learns To Write blog.  A nice collection of forensics tools in an organized list. Nice resource.
  • Forensics 101: Acquiring an Image with FTK Imager - SANS Computer Forensics, Investigation, and Response blog.  I’ve had FTK Imager in my toolbox but this was a great-reminder about how useful it can be. I should have considered this utility when I did my PGP WDE recovery exercise.
  • Unix dd command and image creation – Softpanorama.org – Very thorough reference page with lots and lots of “dd” command tips and information.
  • Windows Incident Response: Mounting a DD image – Windows Incident Response blog – Harlan gives some wonderful tips on what to do with that dd image once you got it.
  • dd (Unix) - Wikipedia, the free encyclopedia.
  • Partition Find and Mount – Another freeware tool that can mount dd images as an accessible “virtual” drive volume..
  • Tools and utilities for Windows – Utility that allows mounting of IMG/dd and other “image” files as physical devices.  Really cool and is in use on my work system..
  • Free Windows Drive tools – SANS Computer Forensics, Investigation, and Response blog.  A few more great tips on tools that sysadmins may find useful in working with drives.
  • Survey of Disk Image Storage Formats -- (PDF link) – 2006 whitepaper from the Common Digital Evidence Storage Format Working Group / Digital Forensic Research Workshop.  A bit dated but still a very good introduction to the different forensic-image file formats.  If you spend some time on the forensics blogs (or working with forensic-imaging related software), you will hear/see references to some of these different image file types.  I found this a good primer on sorting them all out..
  • Stephen Venter: Mount EWF (E01) on Linux – Stephen Venter’s blog – More tips for working with the EWF (Expert Witness Format / EnCase) image file format.

FYI,

--Claus V.

No comments: