|
|
| Line 1: |
Line 1: |
| | {{Infobox_Software | | | {{Infobox_Software | |
| − | name = THE FARMER'S BOOT CD | | + | name = ssdeep | |
| − | maintainer = [[Thomas Rude]] | | + | maintainer = [[Jesse Kornblum]] | |
| − | os = {{Linux}}, {{Windows}} | | + | os = [[Linux]], [[Windows]], [[OS X]], [[BSD]], [[Solaris]] | |
| − | genre = {{Live CD}} | | + | genre = [[Hashing]] | |
| − | license = ??? | | + | license = {{GPL}} | |
| − | website = [http://www.forensicbootcd.com/ forensicbootcd.com] | | + | website = [http://ssdeep.sourceforge.net/ ssdeep.sf.net] | |
| | }} | | }} |
| | | | |
| − | '''THE FARMER'S BOOT CD''' ('''FBCD''') is a [[Linux]] [[boot CD]] developed by [[Thomas Rude]] ('farmerdude'). Taking a different approach than other [[Live CDs]], this CD was designed and optimized for previewing systems before acquiring. It contains a number of programs forensic practitioners can utilize to preview both [[Windows]] and [[Linux]] systems in a [[forensically sound]] manner.
| |
| | | | |
| − | == Preview Capabilities ==
| + | ssdeep is a program for computing and matching [[Context Triggered Piecewise Hashing]] values. It is based on a spam detector called [http://samba.org/ftp/unpacked/junkcode/spamsum/ spamsum] by [http://en.wikipedia.org/wiki/Andrew_Tridgell Andrews Trigdell]. |
| − | | + | |
| − | THE FARMER'S BOOT CD has been designed for previewing both Windows and Linux systems. On-site previews before acquisitions is an emerging trend in the U.S.A. due to legal and technological reasons.
| + | |
| − | | + | |
| − | Below is a short list of what can be accomplished in a simple GUI on this CD;
| + | |
| − | | + | |
| − | * Mount file systems read-only, including journalled file system types
| + | |
| − | * Obtain a list of deleted files for ext2, FAT12/16/32, and NTFS file system types
| + | |
| − | * Undelete deleted files from NTFS file systems
| + | |
| − | * Obtain both E-mail and URL addresses from the Windows "pagefile.sys" file
| + | |
| − | * Read the Recycle Bin INFO2 records
| + | |
| − | * Read Windows event log files (AppEvent.Evt, SecEvent.Evt, SysEvent.Evt)
| + | |
| − | * Read many log files from Linux systems (shell histories, system logs, security logs, accounting logs, etc.)
| + | |
| − | * Obtain file system metainformation (creation date, last mount and write date, version, label, UUID, etc.)
| + | |
| − | * Parse Internet cache files from IE, Mozilla, and Opera, pulling cookies and histories
| + | |
| − | * Catalog target file system, selecting files of interest by extension or header
| + | |
| − | * Convert date/time between UNIX 32bit, UNIX hex, human readable, Windows 64bit, and Windows hex
| + | |
| − | * Generate thumbnails for all graphics in fully qualified path filename
| + | |
| − | * Obtain drive information (serial number, make/model, firmware, HPA status, etc.)
| + | |
| − | * Obtain system BIOS table information (serial numbers, dates, UUIDs, etc.)
| + | |
| − | * Obtain system hardware catalog
| + | |
| − | * Double-clicking on most common file types opens them (Documents, Graphics, Presentations, Movies, Audio, etc.)
| + | |
| | | | |
| | == External Links == | | == External Links == |
| | | | |
| − | * [http://www.forensicbootcd.com/site/view.html THE FARMER'S BOOT CD screen shots] - Screen Shots for Delve Preview Program on the FBCD. | + | * [http://ssdeep.sourceforge.net/ Official website] |
| − | * [http://www.forensicfocus.com/farmers-boot-cd Preview Data in Under Twenty Minutes] - Paper on previewing data quickly at http://www.forensicfocus.com.
| + | |
| − | | + | |
| | | | |
| − | =See Also=
| + | Category:Cross-platform |
| − | [[FCCU_Gnu/Linux_Boot_CD]]
| + | |
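Review bot: In the added intro line, the link text "Andrews Trigdell" does not match the page it links to (Andrew_Tridgell); correct the display name to "Andrew Tridgell". In the last added line, "Category:Cross-platform" is written without the surrounding [[ ]] brackets, so it will show up as literal text instead of placing the page in the category; write it as [[Category:Cross-platform]]. In the infobox, the os field now uses [[Linux]] and [[Windows]] links where the removed line used the {{Linux}} and {{Windows}} templates, while the license field uses the {{GPL}} template; pick one convention for the infobox fields.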