Difference between pages "Bibliography" and "Linux Repositories"

From ForensicsWiki
Page "Bibliography":

=Disk Disposal and Data Recovery=

* [http://www.deepspar.com/pdf/DeepSparDiskImagingWhitepaper3.pdf Disk Imaging: A Vital Step in Data Recovery], DeepSpar Data Recovery Systems, November 2006. An in-depth look at the many issues that cause data loss or irretrievable data during the data recovery imaging process, and how to overcome them.

* [http://www.actionfront.com/ts_whitepaper.asp Drive-Independent Data Recovery: The Current State-of-the-Art], ActionFront Data Recovery Labs, August 2005.

* [[Recovering Overwritten Data#The Gutmann Paper|Secure Deletion of Data from Magnetic and Solid-State Memory]], Peter Gutmann, Proceedings of the Sixth USENIX Security Symposium, 1996. [http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html]

* [http://www-03.ibm.com/financing/pdf/us/recovery/igf4-a032.pdf Hard Drive Disposal: The Overlooked Confidentiality Exposure], Financial Perspectives, IBM White Paper, November 2003.

=Evidence Gathering=

* [http://utdallas.edu/~sxs018540/index/docs/byteprints_itcc05.pdf Byteprints: A Tool to Gather Digital Evidence], Sriranjani Sitaraman, Srinivasan Krishnamurthy and S. Venkatesan, Proceedings of the International Conference on Information Technology (ITCC 2005), Las Vegas, Nevada, USA, April 4-6, 2005.

=Fake Information=

* [https://analysis.mitre.org/proceedings/Final_Papers_Files/84_Camera_Ready_Paper.pdf Automatic Detection of Fake File Systems], Neil C. Rowe, International Conference on Intelligence Analysis Methods and Tools, McLean, Virginia, May 2005.

=Other Papers=

* [http://citeseer.ist.psu.edu/shanmugasundaram03automatic.html Automatic Reassembly of Document Fragments via Context Based Statistical Models], Kulesh Shanmugasundaram and Nasir Memon.

* [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=531782 A Model for When Disclosure Helps Security: What is Different About Computer and Network Security?], Peter P. Swire, Moritz College of Law of the Ohio State University, Journal on Telecommunications and High Technology Law, Vol. 2, 2004.

=Signed Evidence=

<bibtex>
@article{duerr-2004,
  title="Information Assurance Applied to Authentication of Digital Evidence",
  author="Thomas E. Duerr and Nicholas D. Beser and Gregory P. Staisiunas",
  year=2004,
  journal="Forensic Science Communications",
  volume=6,
  number=4,
  url="http://www.fbi.gov/hq/lab/fsc/backissu/oct2004/research/2004_10_research01.htm"
}
</bibtex>

Page "Linux Repositories", revision as of 19:28, 24 February 2012

There are a number of Linux distributions. In general each has primary repositories, which are set up for every installation of the operating system, and special-purpose repositories, which require specific setup before their packages can be installed.

Repository Setup

openSUSE

For openSUSE 11.4 and 12.1 users, the following additional repositories must be configured (the security repository carries most of the forensic tools listed below):

  • security
  • devel:languages:perl
  • devel:languages:python

This is most easily done from the command line (the commands assume openSUSE 12.1; on 11.4 replace openSUSE_12.1 with openSUSE_11.4 in each URL):

sudo zypper ar -f http://download.opensuse.org/repositories/security/openSUSE_12.1 security
sudo zypper ar -f http://download.opensuse.org/repositories/devel:/languages:/perl/openSUSE_12.1 perl
sudo zypper ar -f http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_12.1 python

zypper lr    # verify that the three repositories are now listed

The repositories are fetched over plain HTTP, so package integrity rests on the signature check: on the first refresh zypper shows the fingerprint of each repository's signing key and asks whether to trust it. Compare that fingerprint with the key published for the OBS project before accepting it, and do not disable the GPG check for these repositories.
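The repository setup above, as an added example that is not part of the ForensicsWiki page, written as a POSIX shell script: it derives the OBS download URLs from the project names (every ':' in a project name becomes ':/' in the path, which is the pattern the three URLs above follow), adds the repositories with the page's zypper ar -f command when invoked with apply, and afterwards checks a zypper lr listing for the expected aliases. The function names and the embedded zypper lr sample are this example's own; the sample is constructed so the alias check can be exercised offline.

```shell
#!/bin/sh
# Added example, not code from the ForensicsWiki page: build the OBS repository
# URLs listed above, add them with zypper, and verify the aliases afterwards.
# Function names and the sample `zypper lr` listing are this example's own.

OBS_BASE="http://download.opensuse.org/repositories"

# OBS publishes project "devel:languages:perl" under the path
# "devel:/languages:/perl": every ':' in the project name becomes ':/'.
obs_repo_url() {
    project="$1"; release="$2"
    path=$(printf '%s' "$project" | sed 's|:|:/|g')
    printf '%s/%s/openSUSE_%s\n' "$OBS_BASE" "$path" "$release"
}

# Add one repository with autorefresh (zypper ar -f), unless the alias exists.
# zypper asks whether to trust the repository signing key on first refresh;
# compare the fingerprint it shows with the key published for the OBS project.
add_obs_repo() {
    project="$1"; release="$2"; alias="$3"
    if zypper lr "$alias" >/dev/null 2>&1; then
        echo "repository '$alias' already configured"
        return 0
    fi
    sudo zypper ar -f "$(obs_repo_url "$project" "$release")" "$alias"
}

# Read a `zypper lr` table on stdin and check that each alias given as an
# argument appears in its Alias column (second column, after the two header
# lines). Prints the missing aliases and returns 1 if any are absent.
repos_missing() {
    aliases=$(awk -F'|' 'NR > 2 && NF >= 2 { gsub(/^ +| +$/, "", $2); print $2 }')
    rc=0
    for want in "$@"; do
        if ! printf '%s\n' "$aliases" | grep -qxF -- "$want"; then
            echo "missing repository alias: $want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample of `zypper lr` output, used for an offline check of
# repos_missing; a real listing has the same two-line header and layout.
SAMPLE_LR='# | Alias    | Name     | Enabled | Refresh
--+----------+----------+---------+--------
1 | perl     | perl     | Yes     | Yes
2 | python   | python   | Yes     | Yes
3 | repo-oss | repo-oss | Yes     | No
4 | security | security | Yes     | Yes'

# Configure the three repositories for the given release (default 12.1; pass
# 11.4 for openSUSE 11.4) and verify them. Only runs when invoked as:
#   sh setup-forensic-repos.sh apply [release]
setup_repos() {
    release="${1:-12.1}"
    command -v zypper >/dev/null 2>&1 || { echo "zypper not found" >&2; return 2; }
    add_obs_repo security               "$release" security
    add_obs_repo devel:languages:perl   "$release" perl
    add_obs_repo devel:languages:python "$release" python
    zypper lr | repos_missing security perl python
}

case "${1:-}" in
    apply) setup_repos "$2" ;;
esac
```

Sourcing the file without the apply argument defines the functions only, so obs_repo_url and repos_missing can be reused from other scripts; the alias check deliberately reads the zypper lr table rather than relying on zypper ar's exit status, so a repository that was added earlier under a different alias is reported as missing instead of silently assumed present.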

fedora

debian

ubuntu

Computer Forensic Tools

Below is a list of computer forensic tools. For each tool the table gives the repository it can be found in and the version in that repository, written as repository/version; "?" means the packaging status for that distribution has not been checked, and "N/A" means no package is known for it.

As an example, aimage is in the openSUSE security repository as version 3.2.5, shown as security/3.2.5.

Imaging Tools

{| border="1" cellpadding="2" cellspacing="0"
|-
! Tool !! openSUSE !! fedora !! debian !! ubuntu !! comment !! General Remarks
|-
| adepto || N/A || ? || ? || ? || || adepto is included on the Helix boot CD.
|-
| aimage || security/3.2.5 || ? || ? || ? || an imaging tool that creates AFF format images || aimage has been EOL'ed; guymager or FTK Imager (Windows/Mac) are recommended for creating AFF images.
|-
| AIR || N/A || ? || ? || ? || Automated Image and Restore || A GUI front-end to dd and dc3dd designed for easily creating forensic bit images.
|-
| dc3dd || security*/7.1.614 || ? || ? || ? || DoD Cyber Crime Center dd || Related to dcfldd by lineage but not a rename of it: dc3dd is maintained as a patch set applied directly to GNU dd, whereas dcfldd is a separate fork of dd, and the two are developed independently.
|-
| ddrescue || Base/1.14 || ? || ? || ? || Also known as GNU ddrescue || A different tool from dd_rescue (with the underscore).
|-
| dd_rescue || N/A || ? || ? || ? || || A different tool from GNU ddrescue.
|-
| IXimager || N/A || ? || ? || ? || A law-enforcement-only imager || Used in conjunction with ILook Investigator.
|-
| ewfacquire || security*/20100226 || ? || ? || ? || an imaging tool that creates EWF format images || ewfacquire is part of libewf and ships in the ewftools package in some distributions.
|-
| LinEn || N/A || ? || ? || ? || a proprietary imaging tool that creates EWF format images || Included on the Helix boot CD.
|-
| guymager || N/A || ? || ? || ? || an imaging tool that creates raw (dd), EWF and AFF format images || Guymager is an open source forensic imager that focuses on user friendliness and high speed.
|-
| rdd || N/A || ? || ? || ? || a dd-like tool with forensic imaging features || rdd is robust with respect to read errors.
|-
| sdd || Archiving:Backup/1.52 || ? || ? || ? || a dd-like tool || Designed to work well when the input block size differs from the output block size, for example when reading from or writing to tape.
|}

(*) The package will appear in the base release with the next full distribution release.