... Alan, All the comments you've gotten so far are on point. If what you're looking for is low cost or no cost tools you're in for a rude awakening. Most of these...
3133
mikepenn01
Sep 19, 2009 10:34 am
Hi, I had a Debian lenny machine in our office lab back in July. I let one of my coworkers log in to it, and he subsequently left the company later that month....
3134
farmerdude
farmerduderl
Sep 19, 2009 2:00 pm
Hi Mike, Depending upon the underlying file system you could have a bit of work ahead of you. The link below describes the structure and detailed information...
3135
Douglas
digitalforen...
Sep 26, 2009 1:17 pm
The Register - LinuxCon 2009: Does Linux desktop even need to be popular? There are, shall we say, differing options among the open source cognoscenti gathered...
3136
Donald Raikes
dnraikes
Oct 2, 2009 9:33 pm
Hello, I am new to this field. I am trying to learn my way into the world of computer forensics, and as such, I have a "real-world" need for the tools...
3137
swinginscott
Oct 2, 2009 10:09 pm
The fastest/easiest way to do it will just be power down the machines, put the hard drives in the Debian machine and use dd. Putting all the drives on the...
3138
Adrian Cuellar
adriancuellar
Oct 3, 2009 9:03 am
Hello Gents, Maybe I am not seeing the proverbial "Schwartz" here, but once you have the image how are you going to go about and try and find the key logger?...
3139
Donald Raikes
dnraikes
Oct 3, 2009 9:03 am
Scott, I would like to use netcat to copy the drives, but the commands I got from the web didn't make a whole lot of sense to me. If you have any...
3140
Stuart Bird
e_tective
Oct 3, 2009 10:04 am
Don, If I were you I would start your adventures at http://www.linuxleo.com and read the introductory guide available there! It will give you some answers but...
3141
Jacques B.
jboucher_work
Oct 3, 2009 12:51 pm
... I must admit I was thinking of the same thing. Are you going to examine your machines for evidence of malware? You mention that you want to see if...
3142
Jeff Bryner
jbryner1
Oct 3, 2009 5:53 pm
I'd suggest using some basic timeline analysis to see what that turns up. If there is a file being written to log keystrokes, it should light up in a timeline....
3143
echo6
echo6_uk
Oct 3, 2009 7:04 pm
... Don, The important part is to get an image as early as possible. I wouldn't worry too much about the method you use to image. There has been...
3144
nehal dattani
e_motion_nmd
Oct 3, 2009 8:24 pm
Hi All, Recently I came across a Firefox plug-in named Tamper Data. And during its trial run I found that it is easy to tamper even encrypted data using this ...
3145
farmerdude
farmerduderl
Oct 3, 2009 11:05 pm
Hi Nehal, Are you looking to identify if the Tamper Data plugin was installed on a system, or something else? Am not clear. Cheers! farmerdude ...
3146
Donald Raikes
dnraikes
Oct 4, 2009 1:06 am
Jacques, Thank you for the honest response and warnings. I realize there are some real issues with trying to hunt this down, however, since I have been...
3147
Jacques B.
jboucher_work
Oct 4, 2009 1:28 am
Although I normally don't top post, I suspect that is probably more practical in your case. Not sure if the accessibility software properly skips to the...
3148
nehal dattani
e_motion_nmd
Oct 4, 2009 4:10 pm
Hi farmerdude, I am looking for a feature in web server that is it possible to IDENTIFY about status of data. I mean that whether it is system/browser...
3149
Nanni Bassetti
nannib7013
Oct 6, 2009 9:32 am
We brought out the SFDumper 2.1, now finally all the problems on the file names and filtering by extension have been resolved. Try it: ...
3150
Donald Raikes
dnraikes
Oct 8, 2009 8:36 pm
Hi all, Please forgive the cross-posting. I am trying to find any information on MS office metadata, and how to extract it. Is there a spec available for...
3151
sean.mclinden
Oct 8, 2009 9:03 pm
Payne Consulting's Metadata Assistant for versions of Office prior to 2007. Make sure that you have Office 2003 installed not Office 2007 and don't convert...
3152
Lehr, John
slopd4256
Oct 8, 2009 9:10 pm
Take a look here for several ideas: http://viaforensics.com/computer-forensic-howtos/howto-extract-metadata-microsoft-word-linux.html ...
If you are into Perl programming, look at Harlan Carvey's Perl mod File::MSWord and see: http://windowsir.blogspot.com/2006/09/metadata-and-ediscovery.html you...
3155
Simson Garfinkel
simsongarfinkel
Oct 12, 2009 1:14 am
I use libextractor for traditional MS Office files and custom-written tools for the XML-based file formats. You may also find this interesting: Garfinkel, S.,...
3156
Tony Rodrigues
fotografo_to...
Oct 19, 2009 9:07 pm
Hi, folks ! What ssdeep hashset do you use to sort/filter a forensic image ? NSRL doesn't have it, yeah ? []s -- Tony Rodrigues, CISSP, CFCP Forense...
3157
Nanni Bassetti
nannib7013
Oct 29, 2009 11:54 pm
Today was born Caine 1.0, new tools, new mounting policies (safer), new patch....enjoy it! http://www.caine-live.net/ bye ... Dott. Nanni Bassetti Consulente...
3158
santoshmtl
Nov 15, 2009 11:18 am
Hello Friends, I am really new to Forensic field. I am doing Master of Engineering in Information Systems Security. I like this IT Security Field. Since, I am...
3159
Nanni Bassetti
nannib7013
Nov 18, 2009 12:38 pm
Caine 1.5 is online! http://www.caine-live.net/ The Changelog is in home page. New tools, new manual, new web site, new graphics, new kernel. Thanks :-) ... ...
3160
Serii92S
serii92
Nov 24, 2009 2:34 pm
... linux_forensics@yahoogroups.com ... On Tuesday, Mihai Ghimpu signed a number of decrees recalling six more...
3161
Simson Garfinkel
simsongarfinkel
Nov 25, 2009 6:00 am
Hi. The program that extracts metadata from Microsoft Office XML files is called docx_extractor.py. I just added this tool to the "python" directory of the...