Difference between pages "Second Look" and "Lee Whitfield"

From ForensicsWiki
(Difference between pages)
(External Links)
 
 
Line 1: Line 1:
{{Infobox_Software |
+
[[File:LeeW.jpg|200px|thumb|right|Lee W]] Before becoming involved in the field of digital forensics Lee worked for an international construction law company working directly under the director responsible for forensic construction. Lee's passion for computers caused him to enrol in the first Computing (Forensics) degree at the University of Central Lancashire in Preston. Graduating three years later Lee started his first job in digital forensics. It was here that he gained a good grounding in the field. After two years he moved to join his brother, Simon, at Zentek Forensics. Lee now works as the lab manager and is directly responsible for all computer examinations performed at Zentek. Even though Lee has only worked in the field for four years he has conducted approximately 200 investigations and has experience in cases involving child abuse, rape, attempted murder, fraud, intellectual property theft, burglary, and so on.
  name = Second Look |
+
  maintainer = [[Raytheon Pikewerks Corporation]] |
+
  os = {{Linux}} |
+
  genre = {{Memory analysis}} |
+
  license = commercial |
+
  website = [http://secondlookforensics.com/ secondlookforensics.com/] |
+
}}
+
 
+
[[File:second_look_logo.png]]
+
 
+
The Incident Response edition of '''Second Look®: Linux Memory Forensics''' is designed for use by investigators who need quick, easy, and effective Linux memory acquisition and analysis capabilities.
+
Second Look® is a product of [[Raytheon Pikewerks Corporation]].
+
 
+
== Memory Acquisition ==
+
Second Look® preserves the volatile system state, capturing evidence and information that does not exist on disk and may otherwise be lost as an investigation proceeds. A command-line script allows for acquisition of memory from running systems without introducing any additional software. A memory access driver is provided for use on systems without a native interface to physical memory.
+
 
+
== Memory Analysis ==
+
Second Look® interprets live system memory or captured memory images, detecting and reverse engineering malware, including stealthy kernel rootkits and backdoors. A kernel integrity verification approach is utilized to compare the Linux kernel in memory with a reference kernel.  Pikewerks provides thousands of reference kernels derived from original distribution kernel packages, and a script for creating reference kernels for other systems, such as those running custom kernels.
+
 
+
Second Look® also applies an integrity verification approach for the analysis of each process in memory.  This enables it to detect unauthorized applications as well as stealthy user-level malware.
+
 
+
== Supported Systems ==
+
Second Look® is regularly updated to support analysis of the latest kernels and the most commonly used Linux distributions.  The following are its capabilities as of April 2012:
+
* Supported target kernels: 2.6.x, 3.x up to 3.2
+
* Supported target architectures: x86 32- and 64-bit
+
* Supported target distributions: Debian 4-6, RHEL/CentOS 4-6, Ubuntu 4.10-12.04, and more!
+
 
+
== External Links ==
+
* [http://secondlookforensics.com Second Look®]
+
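Review bot: in the Supported Systems list, the distributions bullet ends with "and more!", which gives a reader nothing to check a target system against and reads as vendor copy; either name the remaining distributions or drop the phrase. The kernel bullet "2.6.x, 3.x up to 3.2" would be clearer as an explicit range, and because the section is pinned to "as of April 2012" it should cite a source for these figures so they can be re-verified when they go stale.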

Revision as of 19:21, 20 August 2011

Before becoming involved in the field of digital forensics, Lee worked for an international construction law company, working directly under the director responsible for forensic construction. Lee's passion for computers caused him to enrol in the first Computing (Forensics) degree at the University of Central Lancashire in Preston. Graduating three years later, Lee started his first job in digital forensics. It was here that he gained a good grounding in the field. After two years he moved to join his brother, Simon, at Zentek Forensics. Lee now works as the lab manager and is directly responsible for all computer examinations performed at Zentek. Even though Lee has only worked in the field for four years, he has conducted approximately 200 investigations and has experience in cases involving child abuse, rape, attempted murder, fraud, intellectual property theft, burglary, and so on.