
August 25th, 2010 by ahoog
A few months ago, we wrote up directions for setting up a headless VirtualBox in Ubuntu 10.04. Of course, we use VBox all the time and a few weeks ago set up a fresh install of BackTrack 4. Since a lot of folks have read our previous HOWTO, I thought we’d just give a [...]

May 28th, 2010 by ahoog
I previously posted a HOWTO for installing Kristinn Gudjonsson’s log2timeline on Ubuntu 9.10. Since that time, Kristinn set up his own apt-get repository so things are much easier. Here’s what I did (which is
Add apt-get repository
At this time, Kristinn only has the karmic repository set up and that will work fine for Ubuntu 9.10 and 10.04…probably [...]

May 26th, 2010 by ahoog
Andreas Schuster’s EvtxParser is a fantastic tool for extracting the new log file format found in Windows Vista, Windows 7 as well as the new Windows 2008 Server and other platforms. Like Kristinn’s log2timeline tool, though, there are a few steps to complete the install. This should work on most Ubuntu versions but I’m on [...]

May 26th, 2010 by ahoog
Like many of you, we work very hard to set up and maintain our forensic lab, in particular storage, software, hardware and security. We’ve learned a lot and would like to share some of it. After testing VMWare, KVM, Xen and VirtualBox, we settled on VirtualBox as the best solution for virtualization in our environment. Our [...]

May 25th, 2010 by ahoog
We do Mac forensics…a lot of folks don’t. But I’m still a Linux geek at heart. Here’s how you mount an HFS+ partition on Linux. While you can apply this to an attached disk, this example mounts a partition/slice from a dd image (more precisely, a dc3dd image) taken from a Mac.
Acquire Apple disk [...]

February 10th, 2010 by ahoog
Kristinn Gudjonsson has written an excellent timeline utility for forensics investigators called log2timeline. The power of his tool is that it will add a wide range of events inline to an existing body file so that when you are doing timeline analysis (a key component of any forensic investigation) you can see file system, [...]

December 21st, 2009 by ahoog
Kristinn Gudjonsson has really done some great work. He’s the author of the log2timeline script and posts forensics updates regularly. It’s hard work detailing the steps you took, writing it up and such. So hats off to Kristinn and the always good SANS computer forensics blog.
I decided to do some malware analysis as a part [...]

February 25th, 2009 by ahoog
Introduction
As everyone knows, disk I/O performance is a significant factor in how quickly and efficiently a forensic analyst can perform their duties. Oftentimes, people try to throw hardware at a performance issue and hope it “just works” out of the box. While there can be an increase in performance by simply buying faster drives, the [...]

February 6th, 2009 by ahoog
Doing Mac/iPhone forensics, you will eventually need to examine the contents of a disk image which Apple stores in a .dmg file. Here’s some information on the files and how you can mount them.
.dmg file information
The two types of .dmg files I have come across are an uncompressed file and a compressed one. [...]

February 6th, 2009 by ahoog
The iPhone (based on OS X 10.5 Leopard) stores many configuration settings in a property list (.plist file). While these are often text XML files, at times Apple uses a binary plist format. If you are analyzing the file on a Mac, you can easily open (and edit) the file with several programs [...]