Difference between pages "First Responder's Evidence Disk" and "Cyberspeak podcast"

From ForensicsWiki
(Difference between pages)
m (Added category)
 
(Full list of interviews)
 
Line 1: Line 1:
The First Responder's Evidence Disk, or FRED, is a script based [[Incident Response|incident response]] tool. It was designed to capture volatile information from a computer system for later analysis without modifying anything on the victim. It consists of a batch file used to execute a set of known good tools that gather the state of a victim computer system. It was similar to the [[IRCR]] program and has been widely imitated by other tools. Many other incident response tools used names similar to FRED.
+
A semi-weekly podcast by [[Bret Padres]] and [[Ovie Carroll]], both former [[AFOSI]] agents. The show first aired on 4 Dec 2005.
  
== Usage ==
+
== Interviews ==
  
The program was distributed as a compressed 1.44 MB floppy image. The examiner runs this image on a safe system and writes the FRED program out to a piece of removable media such as a floppy disk or USB device. The examiner then connects this device to the victim machine. When run, the FRED program writes information out to an audit file on the removable device. The examiner takes this audit file back to the safe system for later analysis. The audit file can also be sent to other investigators if desired.
+
Each week the podcast usually features at least one interview.
  
== History ==
+
=== 2005 ===
  
FRED was developed by [[Jesse Kornblum]] for the [[Air Force Office of Special Investigations]] starting in the fall of 2000 and was first released in 2001. The tool was publicly unveiled the following year at the [[Digital Forensic Research Workshop|DFRWS Conference]]. Although the component parts of FRED were not released, mostly due to licensing restrictions, Kornblum did present a paper, ''[http://dfrws.org/2002/papers/Papers/Jesse_Kornblum.pdf Preservation of Fragile Digital Evidence by First Responders]'', that included the FRED script.
+
* 18 Dec 2005: [[Nicholas Harbour]], author of [[Dcfldd]]
 +
* 31 Dec 2005: [[Jesse Kornblum]], author of [[foremost]] and [[md5deep]]
  
A version of the FRED script was later incorporated into the [[Helix]] disk.
+
=== 2006 ===
  
There was a proposal for a program to process the audit files into [[HTML]], but this never came to fruition.
+
* 7 Jan 2006: [[Drew Fahey]], author of [[Helix]]
 +
* 18 Jan 2006: [[Simple Nomad]]
 +
* 21 Jan 2006: [[Johnny Long]]
 +
* 28 Jan 2006: [[Kevin Mandia]]
  
Since 2004 FRED has been maintained by the [[AFCERT|Air Force Computer Emergency Response Team]] and is not publicly available.
 
  
== Trivia ==
+
* 4 Feb 2006: [[Brian Carrier]]
 +
* 11 Feb 2006: [[Jesse Kornblum]]
 +
* 18 Feb 2006: [[Bruce Potter]] of the Shmoo Group
 +
* 25 Feb 2006: [[Kris Kendall]] speaks about malware analysis
  
The desire for a recursive [[MD5]] program for FRED inspired the development of [[md5deep]].
 
  
== See Also ==
+
* 4 Mar 2006: [[Dave Merkel]]
 +
* 11 Mar 2006: [[James Wiebe]] of [[Wiebe Tech]]. Also [[Todd Bellows]] of [[LogiCube]] about [[CellDek]]
 +
* 18 Mar 2006: [[Kris Kendall]]
 +
* 25 Mar 2006: (No interview)
  
* [[IRCR]]
 
* [[COFEE]]
 
  
[[Category:Incident response tools]]
+
* 1 Apr 2006: [[Harlan Carvey]], creator of the [[Forensic Server Project]]
 +
* 8 Apr 2006: (No interview)
 +
* 15 Apr 2006: (No interview), but first to mention the [[Main_Page|Forensics Wiki]]!
 +
* 22 Apr 2006: [[Jaime Florence]] about [[Mercury]], a text indexing product
 +
 
 +
 
 +
* 6 May 2006: [[Mark Rache]] and [[Dave Merkel]]
 +
* 13 May 2006: [[Steve Bunting]]
 +
* 21 May 2006: [[Mike Younger]]
 +
* 29 May 2006: [[Mike Younger]]
 +
 
 +
 
 +
* 3 Jun 2006: [[Jesse Kornblum]] about [[Windows Memory Analysis]]
 +
* 10 Jun 2006: (No interview)
 +
* 17 Jun 2006: [[Mike Younger]]
 +
* 24 Jun 2006: (No interview)
 +
 
 +
 
 +
* 1 Jul 2006: (No interview)
 +
* 9 Jul 2006: [[Johnny Long]]
 +
* 18 Jul 2006: [[Dark Tangent]]
 +
* 30 Jul 2006: [[Jesse Kornblum]] about [[Ssdeep|ssdeep]] and [[Context Triggered Piecewise Hashing|Fuzzy Hashing]]
 +
 
 +
 
 +
* 10 Aug 2006: [[Brian Contos]] discusses his book '''Insider Threat: Enemy at the Watercooler'''
 +
* 13 Aug 2006: [[Richard Bejtlich]] discusses his book '''Real Digital Forensics'''
 +
* 27 Aug 2006: [[David Farquhar]]
 +
 
 +
 
 +
* 3 Sep 2006: [[Keith Jones]]
 +
* 10 Sep 2006: (No Interview)
 +
* 17 Sep 2006: (No Interview)
 +
* 24 Sep 2006: (No Interview)
 +
 
 +
 
 +
* 1 Oct 2006: [[Brian Kaplan]], author of [[LiveView]]
 +
* 8 Oct 2006: [[Tom Gallagher]] discusses his book '''Hunting Security Bugs'''
 +
* 15 Oct 2006: (No Interview)
 +
* 29 Oct 2006: (No Interview)
 +
 
 +
 
 +
* 12 Nov 2006: [[Jesse Kornbum]] discusses his paper '''Exploiting the Rootkit Paradox with Windows Memory Analysis'''
 +
* 19 Nov 2006: [[Kris Kendall]] discusses unpacking binaries when conducting malware analysis
 +
* 26 Nov 2006: (No Interview)
 +
 
 +
 
 +
* 3 Dec 2006: [[Brian Dykstra]]
 +
* 10 Dec 2006: [[Mike Younger]]
 +
* 17 Dec 2006: [[Mike Younger]] and [[Geoff Michelli]]
 +
 
 +
=== 2007 ===
 +
 
 +
* 7 Jan 2007: [[Jamie Butler]]
 +
* 17 Jan 2007: [[Chad McMillan]]
 +
* 28 Jan 2007: [[Jesse Kornblum]]
 +
 
 +
 
 +
* 11 Feb 2007: [[Scott Moulton]]
 +
* 18 Fen 2007: [[Phil Zimmerman]], creator of [[PGP]] discussing his new [[Zfone]]
 +
* 25 Feb 2007: [[Mark Menz]] and [[Jeff Moss]]
 +
 
 +
 
 +
== External Links ==
 +
 
 +
[http://cyberspeak.libsyn.com/ Official website]
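
Review bot: two typos in the added interview list need correcting. The 12 Nov 2006 entry links to [[Jesse Kornbum]], which resolves to a different page than the [[Jesse Kornblum]] link used by the other entries, and the 2007 entry dated "18 Fen 2007" sits between 11 Feb 2007 and 25 Feb 2007, so it should read "18 Feb 2007".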

Revision as of 14:51, 27 February 2007

A semi-weekly podcast by Bret Padres and Ovie Carroll, both former AFOSI agents. The show first aired on 4 Dec 2005.

Interviews

Each week the podcast usually features at least one interview.

2005

2006









  • 3 Sep 2006: Keith Jones
  • 10 Sep 2006: (No Interview)
  • 17 Sep 2006: (No Interview)
  • 24 Sep 2006: (No Interview)


  • 1 Oct 2006: Brian Kaplan, author of LiveView
  • 8 Oct 2006: Tom Gallagher discusses his book Hunting Security Bugs
  • 15 Oct 2006: (No Interview)
  • 29 Oct 2006: (No Interview)


  • 12 Nov 2006: Jesse Kornblum discusses his paper Exploiting the Rootkit Paradox with Windows Memory Analysis
  • 19 Nov 2006: Kris Kendall discusses unpacking binaries when conducting malware analysis
  • 26 Nov 2006: (No Interview)


2007



External Links

Official website