Digital Forensics Investigator (DFI) - Useful links
-
Show Host: Mike Rodrick
Show Instructor: Sean Philip Oriyano
- Author/Consultant/Instructor
oriyano.com
Books
Forensic Tool Suites
• Open Source
- The Sleuth Kit / Autopsy
Forensic Incident Response Environment (F.I.R.E.)
Helix3 (also has a paid version)
• Commercial Tools (most have free or trial versions)
Other Very Useful Suites
- Windows Sysinternals
Hiren’s BootCD 15.2 - lots of utilities
Burp Suite - also comes with Kali Linux
Forensic Operating Systems, VM's, Live CD's/DVD's & USB's
Forensic Tools
- Metasploit - also comes with Kali
GetData - data recovery
Hashcat - advanced password recovery
DriveSpy
metagoofil - Kali tool designed for extracting metadata from public documents (pdf, doc, xls, ppt, docx, pptx, xlsx)
PE.Explorer
AUTODESK
Zamzar - free online file converter
McAfee Free Tools
CRU WiebeTech - forensic products
sourceforge - security utilities
Top 20 Free Digital Forensic Investigation Tools for SysAdmins
Windows System Control Center (WSCC)
Netcat (GNU)
Wireshark
Lizard LABS
Log Parser 2.2 - from Microsoft
Wi-Spy + Chanalyzer (MetaGeek) - wireless spectrum analysis
nmap
NirSoft - lots of freeware utilities
regviewer
L0phtCrack - password audit & recovery
IDA - multi-processor disassembler and debugger
gimp - (GNU)
IrfanView - freeware graphic viewer for Windows
OllyDbg
Wikto
Android App Ops Starter
Black Hole Faraday Bag
Mobile Forensics
-
Software
-
Hardware
Investigative reports
- http://resources.infosecinstitute.com/computer-forensics-investigation-case-study
http://digital-forensics.sans.org/blog/2010/08/25/intro-report-writing-digital-forensics
https://digital-forensics.sans.org/community/cheat-sheets
http://www.forensicfocus.com/computer-forensics-reports
http://resources.infosecinstitute.com/computer-forensics-investigation-case-study/
https://www.ncjrs.gov/pdffiles1/nij/199408.pdf
Other Forensic Links
- High Technology Crime Investigation Assoc
InfraGard
Digital Intelligence
SANS
SANS Institute InfoSec Reading Room
Logicube
Appliance for Digital Investigation and Analysis (ADIA)
The International Society of Forensic Computer Examiners (ISFCE)
(CCE) Certified Computer Examiner suggested study from ISFCE
(CFTT) Computer Forensics Tool Testing Methodology Overview
(CFReDS) Computer Forensic Reference Data Sets - The CFReDS Project
ARC Group of New York - techpathways
Symantec
Wall of Sheep shop
Some Programming Languages
ITPro.tv Courses that complement DFI
- PowerShell Course for Administrators
Wireshark
Network+
Security+
(CEH) Certified Ethical Hacker
(SSCP) Systems Security Certified Practitioner
(CISSP) Certified Information Systems Security Professional
Day 3 WEDNESDAY links:
Paterva
NEXPOSE - Vulnerability management
Notepad++
virtualbox
DEEP LOG ANALYZER
Hyper-V: virtual machines on Windows 8.1
Darik's Boot And Nuke (DBAN) - data wiping software
WhiteCanyon Software
Day 4 THURSDAY links:
- NSA Media Destruction Guidance
Disklabs
Cold Boot Attacks on Encryption Keys ("Lest We Remember", Halderman et al.) - Princeton.edu paper
wotsit.org
Other Useful Links
- Backup & Restore MBR in Windows
The Basic: What is e-Discovery
In-Place eDiscovery & Hold in Exchange 2013
Steganography
Hard Drive Recovery Videos
Michala's Certified Ethical Hacker (CEH) forum link:
A must view forum
Forensic Certifications
• (CCE) Certified Computer Examiner
• (CCCI) Certified Computer Crime Investigator
• (CFCE) Certified Forensic Computer Examiner
• (CIFI) Certified Information Forensics Investigator
• (PCI) Professional Certified Investigator
• (CCFE) Certified Computer Forensics Expert
• (CDRP) Certified Data Recovery Professional
• (CISSP) Certified Information Systems Security Professional
More Certifications & information
• (ISC2)
• (IACRB) Information Assurance Certification Review Board
• Computer Forensics
Books
• Forensic Discovery by Dan Farmer and Wietse Venema
• Internet Forensics by Robert Jones
• File System Forensic Analysis by Brian Carrier
• Windows Forensic Analysis DVD Toolkit, Second Edition by Harlan Carvey
Internet Sites
http://www.forensicfocus.com
http://www.digital-evidence.org/
http://www.fbi.gov/cyberinvest/cyberhome.htm
http://krebsonsecurity.com/2010/03/researchers-map-multi-network-cybercrime-infrastructure/
http://www.ccmostwanted.com/
http://www.symantec.com/norton/cybercrime/index.jsp
http://www.antiphishing.org/
http://dataprotection.ie
http://www.tjmcintyre.com
http://en.wikipedia.org/wiki/Computer_crime
Journals
- Journal of Digital Forensics, Security and Law
- International Journal of Digital Crime and Forensics
- Journal of Digital Investigation
- International Journal of Digital Evidence
- International Journal of Forensic Computer Science
- Journal of Digital Forensic Practice
- Cryptologia
- Small Scale Digital Device Forensic Journal
Misc links
Articles From News
- Irish pupils' records at risk
Phishing Email Destroys Hard Drives to avoid detection
NETFLIX Introducing FIDO: Automated Security Incident Response
Celebrate Screen-Free Week May 4th-10th
Super secretive malware wipes hard drive to prevent analysis
Phoebe Prince Suicide from Cyber Bullying
Garda (Irish Cops) is accused of stalking ex-boyfriend
Episode 1 - Modern Computer Forensic
• Categories of Attacks
- Person on Person
Person on Computer
Computer on Computer
• Types of Cyber Crime
- Corporate crime
Criminal crime
Episode 11 - Wireless
- http://www.riverbed.com/products/performance-management-control/network-performance-management/wireless-packet-capture.html#Overview
http://www.tenable.com/products/nessus-vulnerability-scanner
http://www.metageek.com/products/eye-pa/
Episode 12 - Investigating Email Crime
-
Spam Senders Convicted In First Felony Case
CAN-SPAM Act: A Compliance Guide for Business
Department of Defense Releases New Cyber Strategy
File Carving
Foremost
Scalpel
TestDisk and PhotoRec, CmosPwd, Lilo Password, Chntpw for DOS
PC Inspector
quickdatarecoverypro
Stellar Phoenix: File Recovery Software
Data Recovery Wizard Professional
Partition Recovery
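What Foremost, Scalpel and PhotoRec actually do when there is no file system left to trust is signature carving: scan the raw bytes for a known header, then take everything up to the matching footer or a size cap. The script below is an added example (not code from any tool in this list) that does this for JPEG and PNG over a constructed sample image. The signature table and the 10 MiB cap are assumptions, the sample payloads are placeholders rather than real pictures, and the SHA-256 per carved object is there so each output file can be tied back to the image in a report.

```python
"""Signature-based file carving (Foremost/Scalpel style) over raw bytes.

Added example, not code from Foremost, Scalpel or PhotoRec. The sample
image is constructed inline so the script runs offline.
"""
import hashlib
import os

# Assumed signatures: type -> (header, footer, maximum carve size).
# The PNG footer is the IEND chunk type plus its fixed CRC (AE 42 60 82);
# the chunk's zero length field that precedes it is not needed to spot it.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 10 * 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 10 * 1024 * 1024),
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def carve(image: bytes, signatures=SIGNATURES):
    """Return carve records sorted by offset.

    Every header occurrence is a candidate: unallocated space carries no
    metadata, so a carver cannot know which hits are live files.  A hit with
    no footer inside max_size is carved up to that limit and flagged, which
    is how Scalpel and Foremost treat truncated or fragmented files.
    """
    records = []
    for kind, (header, footer, max_size) in signatures.items():
        start = image.find(header)
        while start != -1:
            limit = min(len(image), start + max_size)
            end = image.find(footer, start + len(header), limit)
            if end == -1:
                data, complete = image[start:limit], False
            else:
                data, complete = image[start:end + len(footer)], True
            records.append({
                "type": kind, "offset": start, "size": len(data),
                "complete": complete, "sha256": sha256_hex(data),
            })
            start = image.find(header, start + 1)
    return sorted(records, key=lambda r: r["offset"])


def audit_lines(records):
    """Foremost-style audit listing: offset, type, size, state, hash."""
    return [
        f"{r['offset']:#010x} {r['type']:<4} {r['size']:>10} "
        f"{'complete' if r['complete'] else 'TRUNCATED'} {r['sha256']}"
        for r in records
    ]


def write_carved(image: bytes, records, outdir: str):
    """Write each carved object as <offset>.<type>, the way Foremost names them."""
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for r in records:
        path = os.path.join(outdir, f"{r['offset']:08x}.{r['type']}")
        with open(path, "wb") as fh:
            fh.write(image[r["offset"]:r["offset"] + r["size"]])
        paths.append(path)
    return paths


def build_sample_image() -> bytes:
    """Constructed 'unallocated space': two whole files and one truncated one
    separated by zero filler. Payloads are placeholders, not real images."""
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-payload" + b"\xff\xd9"
    png = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR"
           + b"constructed-chunk-data" + b"\x00\x00\x00\x00IEND\xaeB`\x82")
    truncated = b"\xff\xd8\xff\xe1" + b"no-footer-follows"
    filler = b"\x00" * 512
    return filler + jpeg + filler + png + filler + truncated + filler


if __name__ == "__main__":
    img = build_sample_image()
    for line in audit_lines(carve(img)):
        print(line)
```

Two caveats that apply to the real tools as well: a JPEG header inside an EXIF thumbnail produces a second, nested hit, and a stray `FF D9` in compressed data ends a carve early, so carved objects still need to be opened and checked rather than counted as recovered files.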
-
@Ben-Coyle Thanks so much for putting together the links list for this series of shows. I so wish I could attend live but work gets in the way ;)
-
ITProTV family!
Great job keeping each other informed!
Cordially,
Ronnie Wong
Host, ITProTV -
@Ben-Coyle Here's another one for your list based on the comment about Sean's books: https://www.goodreads.com/author/list/4511669.Sean_Philip_Oriyano
-
In the UK forensic investigators have to follow the ACPO Good Practice Guide for Digital Evidence (2011). These core principles apply:
Principle 1: Data stored in a computer or storage media must not be altered or changed, as those data may later be presented in court.
Principle 2: A person must be competent enough in handling the original data held on a computer or storage media if it is necessary, and he/she shall also be able to give evidence explaining the relevance and course of their actions.
Principle 3: An audit trail or other documentation of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
Principle 4: The person who is responsible for the investigation must have overall responsibility for ensuring that the law and the ACPO principles are adhered to.
-
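In day-to-day terms, Principles 1 and 3 come down to hashing the image at acquisition and keeping an append-only record of every action that a third party can re-run and get the same hash. The script below is an added example of that, not ACPO's text or any vendor's tool: the JSON-lines log layout, the examiner and tool names are assumptions, and the walk-through writes a constructed image into a temporary directory, logs an acquisition and a read-only step, verifies, then simulates mishandling to show the verification fail.

```python
"""Acquisition hash plus audit trail, with third-party re-verification.

Added example; the log format and the names used are assumptions.
"""
import datetime as dt
import hashlib
import json
import os
import tempfile


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the image through SHA-256 so multi-GB images do not need RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def record(log_path, examiner, action, evidence_path, tool, notes=""):
    """Append one audit-trail entry (Principle 3). Each entry carries the
    image hash at that moment, so later entries can be checked against
    the acquisition hash (Principle 1)."""
    entry = {
        "time_utc": dt.datetime.now(dt.timezone.utc).isoformat(timespec="seconds"),
        "examiner": examiner,
        "action": action,
        "tool": tool,
        "evidence": os.path.basename(evidence_path),
        "sha256": sha256_file(evidence_path),
        "notes": notes,
    }
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry) + "\n")
    return entry


def load_log(log_path):
    with open(log_path, encoding="utf-8") as fh:
        return [json.loads(line) for line in fh if line.strip()]


def verify(log_path, evidence_path):
    """What an independent examiner re-runs: recompute the hash and compare it
    with the acquisition entry and with every later entry.
    Returns (ok, acquisition_hash, current_hash, actions_after_which_hash_drifted)."""
    entries = load_log(log_path)
    acquisition = next(e for e in entries if e["action"] == "acquire")
    current = sha256_file(evidence_path)
    drifted = [e["action"] for e in entries if e["sha256"] != acquisition["sha256"]]
    ok = current == acquisition["sha256"] and not drifted
    return ok, acquisition["sha256"], current, drifted


def demo():
    """Constructed walk-through in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "evidence.dd")      # constructed, not a real image
        log = os.path.join(tmp, "audit.jsonl")
        with open(image, "wb") as fh:
            fh.write(b"constructed disk image bytes " * 64)
        record(log, "examiner-1", "acquire", image, "dd (assumed)", "write blocker on source")
        record(log, "examiner-1", "keyword search", image, "grep", "read-only")
        ok_before = verify(log, image)[0]
        with open(image, "ab") as fh:                  # simulate mishandling: one byte appended
            fh.write(b"\x00")
        record(log, "examiner-1", "timeline build", image, "log2timeline")
        ok_after, acq, cur, drifted = verify(log, image)
        return {"ok_before": ok_before, "ok_after": ok_after,
                "drifted": drifted, "changed": acq != cur}


if __name__ == "__main__":
    print(demo())
```

The log is deliberately plain JSON lines: anyone can read it without the tool that wrote it, and the "drifted" list points at the first action after which the image no longer matched, which is the question a court will ask.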
@Ben-Coyle Another one for your list. Today I came across the 'Forensic Acquisition of Websites Project' tool which not only captures the website but records a video and takes a packet trace at the same time. It saves it all into a folder. Pretty neat - not sure if acceptable in court or not.
-
@Ben-Coyle Last one for today, I've been playing with an all-in-one suite 'OS Forensics' which seems okay. It logs your actions and can generate a report of significant findings that you flag - take a look and waste some more time playing with tools :)
-
I like the links you put together. I will investigate deeper.
I would also like to point out an investigative tool that focuses on Apple products called Black Light from Black Bag Technologies.
We have more Apple devices than Windows so it made sense for us to go with this tool. Like EnCase or FTK it can analyze and carve other systems, but it has that Apple look.
-
I've not looked at these in depth but this guy has put together a pretty impressive list that he calls "Forensic Challenges."
http://www.amanhardikar.com/mindmaps/ForensicChallenges.html