Wednesday, May 24, 2006

Forensic Analysis

I have been reading about file system forensics and analysis here and there, but without putting it into practice it seems I can't master it, or even get handy at performing file system forensic analysis. So I decided to be more systematic: I have collected the documentation available online and a few good, recommended books that may help me learn more efficiently. Of course my priority always falls on Open Source tools; Sleuthkit/Autopsy and Pyflag will be my primary tools throughout the learning process. The Helix Live CD will be used as well, since it contains lots of forensic tools. Here is my to-learn list, in sequence -

http://www.efense.com/helix/docs.php

http://www.realdigitalforensics.com/real-digital-forensics-blog

http://www.porcupine.org/forensics/forensic-discovery/

http://www.sleuthkit.org/informer/index.php

http://www.digital-evidence.org/fsfa/

By the way, I have just successfully installed Sleuthkit/Autopsy on OpenBSD; it is the latest release, which supports the Expert Witness and AFF file formats. In order to get it installed, you need to use gmake instead of make; just installing gmake via package/ports will do. Since both Sleuthkit and Autopsy are not too tricky to install, I won't show that here again. However, if you do have problems getting them installed, feel free to email me. Below is the only screenshot I have taken of Autopsy.


Cheers (:])
