Difference between pages "Upcoming events" and "ALT Linux Rescue"

From ForensicsWiki
(Difference between pages)
(Conferences)
 
m (Tools included: added several tools by Joachim Metz)
 
Line 1: Line 1:
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
+
{{Infobox_Software |
When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
+
  name = ALT Linux Rescue |
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience. Such restrictions should be noted when known.</i>
+
  maintainer = Michael Shigorin |
 +
  os = {{Linux}} |
 +
  genre = {{Live CD}} |
 +
  license = {{GPL}}, others |
 +
  website = [http://en.altlinux.org/Rescue en.altlinux.org/rescue] |
 +
}}
  
This is a BY DATE listing of upcoming events relevant to [[digital forensics]].  It is not an all inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
+
'''ALT Linux Rescue''' is yet another sysadmin's [[Live CD]] with some forensic capabilities and features.
  
This listing is divided into three sections (described as follows):<br>
+
== Intro ==
<ol><li><b><u>[[Upcoming_events#Calls_For_Papers|Calls For Papers]]</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
+
<li><b><u>[[Upcoming_events#Conferences|Conferences]]</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
+
<li><b><u>[[Training Courses and Providers]]</u></b> - Training </li><br></ol>
+
  
== Calls For Papers ==
+
This weekly-updated image is intended to be text-only toolchest for data analysis and recovery.
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
+
  
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
It will not try to use swap partitions or autodetect and automount file systems unless requested explicitly.
|- style="background:#bfbfbf; font-weight: bold"
+
! width="30%|Title
+
! width="15%"|Due Date
+
! width="15%"|Notification Date
+
! width="40%"|Website
+
|-
+
|6th International Conference on Digital Forensics & Cyber Crime
+
|May 16, 2014
+
|Jul 30, 2014
+
|http://d-forensics.org/2014/show/cf-calls
+
|-
+
|2014 Annual Computer Security Applications Conference
+
|Jun 01, 2014
+
|Aug 15, 2014
+
|http://www.acsac.org/2014/cfp/papers/
+
|-
+
|Open Source Digital Forensics Conference
+
|Jun 01, 2014
+
|
+
|http://www.basistech.com/osdfcon/cfp/
+
|-
+
|67th Annual Scientific Meeting of the American Academy of Forensic Sciences
+
|Aug 01, 2014
+
|Nov 01, 2014
+
|http://www.aafs.org
+
|-
+
|Eleventh Annual IFIP WG 11.9 International Conference on Digital Forensics
+
|Oct 01, 2014
+
|Nov 15, 2014
+
|http://www.ifip119.org
+
|-
+
|}
+
  
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
+
Forensic mode is available via a separate boot target for BIOS users and a rescue boot option (via F2) for UEFI users. This will skip activating MDRAID/LVM too.
  
== Conferences ==
+
Build profile suitable for ALT Linux <tt>mkimage</tt> tool is included as <tt>.disk/profile.tgz</tt>.
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! width="40%"|Title
+
! width="20%"|Date/Location
+
! width="40%"|Website
+
|-
+
|8th International Conference on IT Security Incident Management & IT Forensics
+
|May 12-14<br>Muenster, Germany
+
|http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2014/
+
|-
+
|2014 IEEE Symposium on Security and Privacy
+
|May 16-23<br>Berkley, CA, USA
+
|http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
+
|-
+
|9th ADFSL Conference on Digital Forensics, Security and Law
+
|May 28-29<br>Richmond, VA
+
|http://www.digitalforensics-conference.org/
+
|-
+
|Techno-Security and Forensics Conference
+
|Jun 01-04<br>Myrtle Beach, SC, USA
+
|http://www.techsec.com/html/Security%20Conference%202014.html
+
|-
+
|Mobile Forensics World
+
|Jun 01-04<br>Myrtle Beach, SC, USA
+
|http://www.techsec.com/html/MFC-2014-Spring.html
+
|-
+
|12th International Conference on Applied Cryptography and Network Security
+
|Jun 10-13<br>Lausanne, Switzerland
+
|http://acns2014.epfl.ch/
+
|-
+
|2nd ACM Workshop on Information Hiding and Multimedia Security
+
|Jun 11-13<br>Salzburg, Austria
+
|http://www.ihmmsec.org/
+
|-
+
|54th Conference on Audio Forensics
+
|Jun 12-14<br>London, England
+
|http://www.aes.org/conferences/54/
+
|-
+
|Cyber and NetCentric Workshop (Requires US Security Clearance)
+
|Jun 17-19<br>Lincoln Laboratories, Lexington, MA
+
|https://conferences.ll.mit.edu/cnw/
+
|-
+
|2014 USENIX Annual Technical Conference
+
|Jun 19-20<br>Philadelphia, PA, USA
+
|https://www.usenix.org/conference/atc14
+
|-
+
|26th Annual FIRST Conference: Back to the ‘root’ of Incident Response
+
|Jun 22-27<br>Boston, MA
+
|http://www.first.org/conference/2014
+
|-
+
|44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
+
|Jun 23-26<br>Atlanta, GA, USA
+
|http://www.dsn.org/
+
|-
+
|Symposium On Usable Privacy and Security (SOUPS) 2014
+
|Jul 09-11<br>Menlo Park, CA, USA
+
|http://cups.cs.cmu.edu/soups/2014/
+
|-
+
|11th Conference on Detection of Intrusions and Malware & Vulnerability Assessment
+
|July 10-11<br>Egham, UK
+
|http://dimva2014.isg.rhul.ac.uk/
+
|-
+
|Black Hat USA 2014
+
|Aug 02-07<br>Las Vegas, NV, USA
+
|https://www.blackhat.com
+
|-
+
|DFRWS 2014
+
|Aug 03-06<br>Denver, CO, USA
+
|http://dfrws.org/2014/index.shtml
+
|-
+
|RCFG GMU 2014
+
|Aug 04-08<br>Fairfax, VA, USA
+
|http://www.rcfg.org/gmu/
+
|-
+
|23rd USENIX Security Symposium
+
|Aug 20-22<br>San Diego, CA, USA
+
|https://www.usenix.org/conferences
+
|-
+
|2014 HTCIA International Conference & Training Expo
+
|Aug 25-27<br>Austin, TX
+
|http://www.htcia.org/2013/11/2014-htcia-international-conference-training-expo/
+
|-
+
|International Conference on Availability, Reliability and Security (ARES)
+
|Sep 08-12<br>Fribourg, Switzerland
+
|http://www.ares-conference.eu/conference/
+
|-
+
|The New Security Paradigms Workshop (NSPW)
+
|Sep 15-18<br>Victoria, British Columbia, Canada
+
|http://www.nspw.org/2014
+
|-
+
|6th International Conference on Digital Forensics & Cyber Crime co-hosted with the Systematic Approaches to Digital Forensic Engineering (SADFE)
+
|Sep 18-20<br>New Haven, CT
+
|http://d-forensics.org/2014/show/home
+
|-
+
|17th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
+
|Sep 24-26<br>Gothenburg, Sweden
+
|http://www.raid2014.eu/
+
|-
+
|24th Virus Bulletin International Conference
+
|Sep 24-26<br>Seattle, WA
+
|http://www.virusbtn.com/conference/vb2014/index
+
|-
+
|25th Annual Conference & Digital Multimedia Evidence Training Symposium
+
|Oct 06-10<br>Coeur d’Alene, ID, USA
+
|http://www.leva.org/annual-training-conference/
+
|-
+
|5th Annual Open Source Digital Forensics Conference (OSDFCon)
+
|Nov 05<br>Herndon, VA
+
|http://www.basistech.com/osdfcon/
+
|-
+
|2014 Annual Computer Security Applications Conference (ACSAC)
+
|Dec 08-12<br>New Orleans, LA
+
|http://www.acsac.org/
+
|-
+
|Eleventh Annual IFIP WG 11.9 International Conference on Digital Forensics
+
|Jan 26-28<br>Orlando, FL
+
|http://www.ifip119.org
+
|-
+
|67th Annual Scientific Meeting of the American Academy of Forensic Sciences
+
|Feb 16-25<br>Orlando, FL
+
|http://www.aafs.org
+
|-
+
|}
+
  
==See Also==
+
== Tools included ==
* [[Training Courses and Providers]]
+
 
==References==
+
Most of the usual rescue suspects should be there; [[biew]], [[chntpw]], [[dc3dd]]/[[dcfldd]], [[foremost]], [[john]], [[md5deep]], [[nmap]], [[scalpel]], [[sleuthkit]], [[wipefreespace]] to name a few are available either; [[libevt]], [[libevtx]], [[liblnk]], [[libpff]], [[libregf]], [[libuna]], [[libvshadow]], [[libwrc]] tools have been added since 20140514.
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
+
 
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
+
X11-based software is being considered for an extended version.
* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]
+
 
 +
== Platforms ==
 +
 
 +
i586 (BIOS) and x86_64 (BIOS/UEFI); SecureBoot might be left enabled in most occasions.
 +
 
 +
== Deliverables ==
 +
 
 +
Two separate 32/64-bit hybrid ISO images suitable for direct writing onto USB Flash media (or CD-R by chance).
 +
 
 +
== Forensic issues ==
 +
 
 +
Hardening against rootfs spoofing has been implemented as of 20140423 (stage2 squashfs SHA256 check has been contributed by Maxim Suhanov); previous images are vulnerable to ISO9660-on-device containing a squashfs file with predefined name and specially crafted contents.
 +
 
 +
MDRAID/LVM2/swaps activation might occur with images before 20140416 or when booted via the default "Rescue" target; booting into "Forensic mode" will skip that (for both early userspace and final environment as of 20140416) and switch <tt>mount-system</tt> script to use <tt>ro,loop,noexec</tt> mount options (as of 20140423).
 +
 
 +
Physical device write blocking hasn't been considered so far.
 +
 
 +
== Credits ==
 +
 
 +
* [[User:.FUF]] for [[Forensic Live CD issues]] page, sound advice and early userspace patch
 +
 
 +
== External Links ==
 +
* [http://en.altlinux.org/Rescue Project site] (also available in [http://www.altlinux.org/Rescue Russian])
 +
* Part of [http://en.altlinux.org/Regular Regular Builds] based on ALT Linux Sisyphus
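Review bot: the "Forensic issues" paragraph says a stage2 squashfs SHA256 check exists as of 20140423 but does not say where the reference digest comes from or how a user can confirm that the image they booted performs the check; one sentence on each would let readers verify the hardening rather than take it on trust. In "Tools included", the clause "to name a few are available either" reads awkwardly and the sentence would be clearer split in two, one for the existing tools and one for the lib* tools added since 20140514.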

Revision as of 04:13, 14 May 2014

ALT Linux Rescue
Maintainer: Michael Shigorin
OS: Linux
Genre: Live CD
License: GPL, others
Website: en.altlinux.org/rescue

ALT Linux Rescue is yet another sysadmin's Live CD with some forensic capabilities and features.

Intro

This weekly-updated image is intended to be a text-only toolchest for data analysis and recovery.

It will not try to use swap partitions or autodetect and automount file systems unless requested explicitly.

Forensic mode is available via a separate boot target for BIOS users and a rescue boot option (via F2) for UEFI users. This will skip activating MDRAID/LVM too.

A build profile suitable for the ALT Linux mkimage tool is included as .disk/profile.tgz.

Tools included

Most of the usual rescue suspects should be there: biew, chntpw, dc3dd/dcfldd, foremost, john, md5deep, nmap, scalpel, sleuthkit and wipefreespace, to name a few, are available as well; the libevt, libevtx, liblnk, libpff, libregf, libuna, libvshadow and libwrc tools have been added since 20140514.

X11-based software is being considered for an extended version.

Platforms

i586 (BIOS) and x86_64 (BIOS/UEFI); SecureBoot might be left enabled in most cases.

Deliverables

Two separate 32/64-bit hybrid ISO images suitable for direct writing onto USB Flash media (or CD-R by chance).

Forensic issues

Hardening against rootfs spoofing has been implemented as of 20140423 (the stage2 squashfs SHA256 check was contributed by Maxim Suhanov); earlier images are vulnerable to an ISO9660 file system on a device containing a squashfs file with a predefined name and specially crafted contents.

MDRAID/LVM2/swap activation might occur with images before 20140416 or when booted via the default "Rescue" target; booting into "Forensic mode" skips that (for both early userspace and the final environment as of 20140416) and switches the mount-system script to use the ro,loop,noexec mount options (as of 20140423).

Physical device write blocking hasn't been considered so far.
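
The safeguards described in this section, sketched as an added shell example that is not ALT Linux Rescue's own boot code: a stage2 image is checked against a pinned SHA256 before use, a mount option string is checked for ro and noexec, and a /proc/swaps-format file is checked for activated swap. Function names, file names and sample data are assumptions, and the pinned digest is assumed to come from a trusted source.

```shell
#!/bin/sh
# Added example; not ALT Linux Rescue's boot code. Names and sample data are hypothetical.

# verify_stage2 IMAGE PINNED_SHA256
# Returns 0 on match, 1 on mismatch, 2 on unusable input (fails closed).
verify_stage2() {
    [ -f "$1" ] || return 2
    case $2 in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    [ "${#2}" -eq 64 ] || return 2
    got=$(sha256sum -- "$1" | cut -d' ' -f1)
    [ "$got" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# opts_are_forensic OPTS
# Succeeds only if the comma-separated options contain ro and noexec and no rw.
# Wrapping in commas makes each test a whole-option match ("remount-ro" is not "ro").
opts_are_forensic() {
    case ",$1," in *,rw,*) return 1 ;; esac
    case ",$1," in *,ro,*) ;; *) return 1 ;; esac
    case ",$1," in *,noexec,*) ;; *) return 1 ;; esac
}

# active_swaps FILE
# Prints the number of entries in a /proc/swaps-format file (line 1 is the header).
active_swaps() {
    awk 'NR > 1 && NF { n++ } END { print n + 0 }' "$1"
}

# Demo on constructed data: a stand-in stage2 file, then a tampered copy of it.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed stage2 contents\n' > "$d/stage2"
    pin=$(sha256sum -- "$d/stage2" | cut -d' ' -f1)
    verify_stage2 "$d/stage2" "$pin" && echo "stage2: digest ok"
    printf 'x' >> "$d/stage2"
    verify_stage2 "$d/stage2" "$pin" || echo "stage2: digest mismatch, do not mount"
    opts_are_forensic "ro,loop,noexec" && echo "mount options: ok"
    printf 'Filename\tType\tSize\tUsed\tPriority\n' > "$d/swaps"
    echo "active swaps: $(active_swaps "$d/swaps")"
    rm -rf "$d"
}
demo
```

On a booted system, `active_swaps /proc/swaps` returning anything other than 0 in forensic mode indicates that swap was activated.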

Credits

External Links