Windows Workflow vs Linux Workflow

(@chroberts39)
Posts: 25
Eminent Member
Topic starter
 

I am looking to compare Windows workflow vs Linux workflow, both against a Windows target.

Does anyone have a good guide / reference to either, for reading?

Any help appreciated.

Colin

 
Posted : 22/04/2014 7:27 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I am looking to compare Windows workflow vs Linux workflow, both against a Windows target.

Workflow for WHAT exactly?

Post an example of what you mean for "workflow" (either the "Windows" or the "Linux" one with which you are familiar).

I mean, whatever the scope is, the "theoretical" workflow remains the same, tools used or "practical workflow" may differ.

jaclaz

 
Posted : 22/04/2014 7:50 pm
(@krishna)
Posts: 45
Eminent Member
 

Hi all,

I have a case where the hard disk is protected with a password. I wanted to image it using Forensic Dossier, but it says the hard disk is locked, unlock to continue. If I connect it to the system, it shows the disk, but the disk will not mount in a Windows environment. I tried to clone it using Cain, but it does not proceed further, showing lots of bad sectors, and the time is indefinite. Any solutions for bypassing the password while protecting the integrity of the disk, and imaging it for further analysis? Thank you.

 
Posted : 22/04/2014 8:48 pm
(@chroberts39)
Posts: 25
Eminent Member
Topic starter
 

By workflow, I refer to the steps one would take to acquire, verify and interrogate a disk image for evidence of some incident/crime. Hope this clears it up.

 
Posted : 23/04/2014 2:57 am
(@bithead)
Posts: 1206
Noble Member
 

By workflow, I refer to the steps one would take to acquire, verify and interrogate a disk image for evidence of some incident/crime. Hope this clears it up.

The steps to acquire and verify a single HDD are the same no matter the OS. As far as "interrogating", there are whole books (and more books) written on the subject. And depending on the incident/crime what an examiner would look for is quite different.

If an examiner were looking for evidence of theft of trade secrets the items of interest are likely to be quite different than what an examiner would look for on the computer of a subject suspected of trying to cover up a murder-for-hire plot. Sure both may include looking at communications, however the differences are far greater than the similarities in what would likely be substantive.

 
Posted : 23/04/2014 6:06 am
(@a-nham)
Posts: 32
Eminent Member
 

The steps needed for acquisition are about the same for Windows and Linux; it is usually more of a matter of whether you prefer open source or paid support. The actual count of steps required is based more on the programs than on the OS. Lastly, different interrogation tools may make acquisition/inquisition faster or more detailed, depending on how the product works and what you want. Think how few steps dd is, but also how it is limited to acquisition and not interrogation. All a matter of personal preference rather than efficiency, though some actions are a bit faster on one OS than another, but that is due to the program, not the OS.

 
Posted : 23/04/2014 7:15 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

… it is usually more of a matter of whether you prefer open source or paid support.

To be picky (as I actually am) there are also cases of "paid, no support" 😯

jaclaz

 
Posted : 23/04/2014 2:27 pm
HexDrugsRockNRoll
(@hexdrugsrocknroll)
Posts: 60
Trusted Member
 

To be picky (as I actually am) there are also cases of "paid, no support" 😯

jaclaz

It's at times like this we need a 'Like' button.

 
Posted : 23/04/2014 2:36 pm
(@chroberts39)
Posts: 25
Eminent Member
Topic starter
 

Thanks to everyone for their response so far. If I can clarify a bit more as to what I am trying to achieve here.

I am looking to consider the workflow, or procedure if you like, of a Windows based examination of a Windows machine, which will include everything from acquisition to reporting, including the steps taken and tools used. I then have to devise a similar workflow using a Linux distro (any one) to conduct the same examination. I then want to compare the two workflows and consider the pros and cons of each.

Because this is a uni assignment, I do not wish for anyone else to do the work for me (that is my job), but what I was looking for was a number of sources that already exist, including people's views on an existing Linux based workflow to conduct a forensic examination of a Windows PC. One example here would be to contrast EnCase or FTK vs dd, dcfldd etc…

So, if you have experience of both workflows, and in particular the 'batting order' of tasks within Linux, then I would be keen to discuss your views and any reference sources, and then conduct my own experiments to validate and propose a Linux based examination methodology and workflow.

Hope this is not too detailed.

Cheers,

 
Posted : 25/04/2014 4:29 pm
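For the dd-based acquisition mentioned a few posts up and the EnCase/FTK vs dd, dcfldd contrast the topic starter asks about, here is an added example of the Linux "acquire, then verify" leg of the workflow, written for this thread and not taken from any of the posters. It uses only dd and a SHA-256 tool, runs against a constructed 1 MiB sample file standing in for a block device (an assumption; in practice the source would be /dev/sdX behind a write blocker), and then tampers with the image so the verification step can be seen to fail. The sha256sum/shasum fallback is an assumption about which coreutils are installed.

```shell
#!/bin/sh
# Added example, not from the thread: minimal Linux acquire-and-verify
# workflow with dd, exercised against a constructed sample "disk" file.
set -eu

# Hash helper: sha256sum on GNU systems, shasum on BSD/macOS (assumption).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# make_sample_disk DIR: constructs a 1 MiB pseudo-device with a marker
# string at offset 512 so the example runs offline. Prints its path.
make_sample_disk() {
    dd if=/dev/zero of="$1/source.img" bs=1024 count=1024 2>/dev/null
    printf 'EVIDENCE' | dd of="$1/source.img" bs=1 seek=512 conv=notrunc 2>/dev/null
    printf '%s' "$1/source.img"
}

# acquire SRC DEST: image SRC sector by sector, then record the hash of
# the source and of the image side by side. conv=noerror,sync keeps going
# past unreadable sectors and pads them with zeros so the image keeps the
# source geometry; on a disk with real bad sectors the two hashes will
# then legitimately differ, which the notes must explain.
acquire() {
    src=$1; dest=$2
    dd if="$src" of="$dest" bs=512 conv=noerror,sync 2>/dev/null
    hash_file "$src"  > "$dest.source.sha256"
    hash_file "$dest" > "$dest.image.sha256"
}

# verify DEST: returns 0 only if the recorded image hash equals the
# recorded source hash AND the image still hashes to that value now;
# returns 1 otherwise (unreadable sectors, or the image changed since
# acquisition).
verify() {
    dest=$1
    if [ "$(cat "$dest.source.sha256")" = "$(cat "$dest.image.sha256")" ] \
       && [ "$(hash_file "$dest")" = "$(cat "$dest.image.sha256")" ]; then
        return 0
    fi
    return 1
}

# run_workflow: acquire and verify the sample, then overwrite one byte of
# the image and verify again. Prints "<first result> <second result>".
run_workflow() {
    work=$(mktemp -d)
    src=$(make_sample_disk "$work")
    acquire "$src" "$work/evidence.dd"
    if verify "$work/evidence.dd"; then result=ok; else result=mismatch; fi
    # Tamper with the image to show the check actually fires.
    printf 'X' | dd of="$work/evidence.dd" bs=1 seek=512 conv=notrunc 2>/dev/null
    if verify "$work/evidence.dd"; then tampered=ok; else tampered=mismatch; fi
    rm -rf "$work"
    printf '%s %s\n' "$result" "$tampered"
}

# Stand-alone run: prints "ok mismatch".
run_workflow
```

The point the example makes for the comparison is that the Linux leg is short (one copy command, two hashes) but carries the verification burden yourself: nothing here writes an audit log or case notes the way a GUI suite does, so those become extra steps in the Linux workflow rather than disappearing.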
jhup
(@jhup)
Posts: 1442
Noble Member
 

And, to further the nitpicking, one primary F/OSS monetizing solution is paid support.

"paid, no support" is more of a commercial venture. mrgreen

But, we digress as usual.

… it is usually more of a matter of whether you prefer open source or paid support.

To be picky (as I actually am) there are also cases of "paid, no support" 😯

jaclaz

 
Posted : 25/04/2014 5:40 pm