Difference between pages "THE FARMER'S BOOT CD" and "Forensics on GPUs"

From ForensicsWiki
(Difference between pages)
m
 
m (Bibliography)
 
Line 1: Line 1:
{{Infobox_Software |
+
Using a '''Graphical Processing Unit''' ('''GPU''') for forensics analysis attempts to make use of the significant, parallel processing power available on these high cards for a different purpose than their original intent. The idea of forensic analysis on a GPU was first proposed by Marziale, Richard and Roussev in 2007 with a version of [[Scalpel]] that utilized a GPU.
  name = THE FARMER'S BOOT CD |
+
  maintainer = [[Thomas Rude]] |
+
  os = {{Linux}}, {{Windows}} |
+
  genre = {{Live CD}} |
+
  license = ??? |
+
  website = [http://www.forensicbootcd.com/ forensicbootcd.com] |
+
}}
+
  
'''THE FARMER'S BOOT CD''' ('''FBCD''') is a [[Linux]] [[boot CD]] developed by [[Thomas Rude]] ('farmerdude'). Taking a different approach than other [[Live CDs]], this CD was designed and optimized for previewing systems before acquiring. It contains a number of programs forensic practitioners can utilize to preview both [[Windows]] and [[Linux]] systems in a [[forensically sound]] manner.
+
== Bibliography ==
 +
* ''[http://www.acsac.org/2006/papers/74.pdf Offloading IDS Computation to the GPU]'', Nigel Jacob and Carla Brodley, ACSAC 2006.
 +
* ''[http://dfrws.org/2007/proceedings/p73-marziale.pdf Massive Threading: Using GPUs to Increase the Performance of Digital Forensics Tools]'', Lodovico Marziale, Golden G. Richard III, and Vassil Roussev, DFRWS 2007.
  
== Preview Capabilities ==
+
<bibtex>
 
+
@inproceedings{1191892,
THE FARMER'S BOOT CD has been designed for previewing both Windows and Linux systems. On-site previews before acquisitions is an emerging trend in the U.S.A. due to legal and technological reasons.
+
author = {Nigel Jacob and Carla Brodley},
 
+
title = {Offloading IDS Computation to the GPU},
Below is a short list of what can be accomplished in a simple GUI on this CD;
+
booktitle = {ACSAC '06: Proceedings of the 22nd Annual Computer Security Applications Conference on Annual Computer Security Applications Conference},
 
+
year = {2006},
* Mount file systems read-only, including journalled file system types
+
isbn = {0-7695-2716-7},
* Obtain a list of deleted files for ext2, FAT12/16/32, and NTFS file system types
+
pages = {371--380},
* Undelete deleted files from NTFS file systems
+
doi = {http://dx.doi.org/10.1109/ACSAC.2006.35},
* Obtain both E-mail and URL addresses from the Windows "pagefile.sys" file
+
publisher = {IEEE Computer Society},
* Read the Recycle Bin INFO2 records
+
address = {Washington, DC, USA},
* Read Windows event log files (AppEvent.Evt, SecEvent.Evt, SysEvent.Evt)
+
  url="http://www.acsac.org/2006/papers/74.pdf"
* Read many log files from Linux systems (shell histories, system logs, security logs, accounting logs, etc.)
+
}
* Obtain file system metainformation (creation date, last mount and write date, version, label, UUID, etc.)
+
</bibtex>
* Parse Internet cache files from IE, Mozilla, and Opera, pulling cookies and histories
+
* Catalog target file system, selecting files of interest by extension or header
+
* Convert date/time between UNIX 32bit, UNIX hex, human readable, Windows 64bit, and Windows hex
+
* Generate thumbnails for all graphics in fully qualified path filename
+
* Obtain drive information (serial number, make/model, firmware, HPA status, etc.)
+
* Obtain system BIOS table information (serial numbers, dates, UUIDs, etc.)
+
* Obtain system hardware catalog
+
* Double-clicking on most common file types opens them (Documents, Graphics, Presentations, Movies, Audio, etc.)
+
 
+
== External Links ==
+
 
+
* [http://www.forensicbootcd.com/site/view.html THE FARMER'S BOOT CD screen shots] - Screen Shots for Delve Preview Program on the FBCD.
+
* [http://www.forensicfocus.com/farmers-boot-cd Preview Data in Under Twenty Minutes] - Paper on previewing data quickly at http://www.forensicfocus.com.
+
 
+
 
+
=See Also=
+
[[FCCU_Gnu/Linux_Boot_CD]]
+
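Review bot: in the added <bibtex> entry, the doi field carries a resolver URL (http://dx.doi.org/10.1109/ACSAC.2006.35) rather than the bare DOI, and url="..." is the only field written with = and double quotes instead of braces. Suggest doi = {10.1109/ACSAC.2006.35} and url = {http://www.acsac.org/2006/papers/74.pdf} so the entry is consistent. The same Jacob and Brodley paper is also listed twice, once as a bullet and once in the <bibtex> block, while the Marziale, Richard and Roussev paper that the introduction credits has only a bullet; pick one form for both entries. In the introduction, "these high cards" looks like a dropped word.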

Revision as of 17:38, 9 October 2007

Forensic analysis on a Graphical Processing Unit (GPU) attempts to use the significant parallel processing power available on these high-end cards for a purpose other than the one they were originally designed for. The idea of forensic analysis on a GPU was first proposed by Marziale, Richard and Roussev in 2007, with a version of Scalpel that utilized a GPU.

Bibliography

Nigel Jacob, Carla Brodley - Offloading IDS Computation to the GPU
ACSAC '06: Proceedings of the 22nd Annual Computer Security Applications Conference on Annual Computer Security Applications Conference, pp. 371-380, Washington, DC, USA, 2006
http://www.acsac.org/2006/papers/74.pdf