Forensics

Forensics (4)

Computer forensics is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.

The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system.
These are the core utilities which are expected to exist on every operating system.

dcfldd is an enhanced version of GNU dd with features useful for forensics and security. Based on the dd program found in the GNU Coreutils package, dcfldd has the following additional features:

  • Hashing on-the-fly - dcfldd can hash the input data as it is being transferred, helping to ensure data integrity.
  • Status output - dcfldd can update the user of its progress in terms of the amount of data transferred and how much longer operation will take.
  • Flexible disk wipes - dcfldd can be used to wipe disks quickly and with a known pattern if desired.
  • Image/wipe Verify - dcfldd can verify that a target drive is a bit-for-bit match of the specified input file or pattern.
  • Multiple outputs - dcfldd can output to multiple files or disks at the same time.
  • Split output - dcfldd can split output to multiple files with more configurability than the split command.
  • Piped output and logs - dcfldd can send all its log data and output to commands as well as files natively.
Sunday, 16 August 2015 13:19 Written by in Forensics
Sunday, 16 August 2015 11:25 Written by in Forensics

Autopsy® and The Sleuth Kit® are open source digital investigation tools (a.k.a. digital forensic tools) that run on Windows, Linux, OS X, and other Unix systems. They can be used to analyze disk images and perform in-depth analysis of file systems (such as NTFS, FAT, HFS+, Ext3, and UFS) and several volume system types.

Examiners and analysts can use the Autopsy graphical interface or The Sleuth Kit (TSK) command line tools to conduct an investigation. Join the sleuthkit-users list to ask questions and help others.

Developers can write modules to extend the functionality of both Autopsy and TSK. Refer to the Autopsy Developer's Guide or the TSK Framework Module Writer's Guide for details on how to incorporate your tools into TSK and Autopsy.

If you need a custom, automated solution, then you can build one using the TSK libraries or the framework. We have also done research on using Hadoop to analyze disk images using cloud computing infrastructures.

Sunday, 28 June 2015 21:51 Written by in Forensics

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. It can be used to analyze disk images and perform in-depth analysis of file systems (such as NTFS, FAT, HFS+, Ext3, and UFS) and several volume system types.

Friday, 22 May 2015 00:20 Written by in Forensics

Warranty Disclaimer

Warranty Disclaimer: The FBI, InfraGard, and its affiliates provide information, including but not limited to software, documentation, training, and other guidance to be known as “materials”. The materials are provided as-is and we expressly disclaim any and all warranties, express or implied, including, and without limitation, the implied warranties of merchantability, fitness for a particular purpose, non-infringement, quiet enjoyment, and integration, and warranties arising out of course of dealing or usage of trade. You agree that, as between you and the FBI, InfraGard, and its affiliates, you are responsible for the outcome of the use of materials made available, including but not limited to adherence to licensing requirements, and taking legal and regulatory considerations into account. There is no guarantee of accuracy, completeness, timeliness, or correct sequencing of the information provided.