SKADI


SKADI

Post Posted: Wed Aug 15, 2018 2:00 am

Skadi is a free, open-source, Ubuntu-based VM that enables the collection, processing and advanced analysis of forensic artifacts and images. It contains these tools:
•Plaso
•CDQR
•CyLR
•Docker
•ElasticSearch, Logstash, Kibana (ELK)
•Redis
•Neo4j
•Celery
•Cerebro

github.com/orlikoski/S...-USB-Drive
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 

trewmte
Senior Member
 
 
  

Re: SKADI

Post Posted: Wed Aug 15, 2018 4:28 am

<rant>
Not to attack just this, but more of "forensics distros" rant in general:

I'd rather see some sort of bootable CD/DVD/USB distro that focuses on collection and data recovery than some distro put together by some random person with too much free time who thinks that live forensics is the norm. Also, not just focusing on the Linux world with preinstalled tools that need to be started from the media.

ELK? Neo? Are you f-ing kidding me?

A distro that focuses on acquisition to usable, portable file formats, with a wide, multiple selection for each category (i.e. to dump memory, capture network traffic, image disks and external devices such as mobile phones, GPS and drones), would beat any such distro in a heartbeat because it, you know, focuses on reality.
</rant>  

MDCR
Senior Member
 
 
  

Re: SKADI

Post Posted: Wed Aug 15, 2018 7:59 am

Sounds like Paladin would be a good candidate based on your rant above. I have used it since 2012, and it is a great free tool.

The first post in this string seems more like an advert for SKADI than anything else.  

kastajamah
Member
 
 
  

Re: SKADI

Post Posted: Wed Aug 15, 2018 8:33 am

- kastajamah
Sounds like Paladin would be a good candidate based on your rant above. I have used it since 2012, and it is a great free tool.


A live forensic distribution executing malicious code from a suspect drive

A live forensic distribution writing to a suspect drive  

thefuf
Senior Member
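The two concerns raised in this thread, MDCR's "acquire to usable, portable file formats" and thefuf's warning about a live distribution writing to the suspect drive, come down to the same two checks at acquisition time: make sure the source cannot be written to, and prove the image matches the source. The following is an added example, not code from the thread or from the Skadi project. It assumes a Linux host with coreutils (dd, sha256sum) and util-linux (blockdev); when the source is a regular file rather than a block device (which is how it is exercised here, so it runs without an evidence drive) the read-only flag check is skipped. The function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread or from Skadi): minimal raw acquisition
# with a software write-block check and a hash-verified sidecar.
# Assumptions: Linux, coreutils (dd, sha256sum), util-linux (blockdev).
# A hardware write blocker is still the preferred control; the blockdev
# flag only stops the kernel's block layer, not a misbehaving driver.

# Refuse to touch a block device unless it is flagged read-only.
# Regular files (used in the demo) are not block devices, so the check is skipped.
ensure_read_only() {
    dev="$1"
    if [ -b "$dev" ]; then
        blockdev --setro "$dev" || return 1
        [ "$(blockdev --getro "$dev")" = "1" ] || return 1
    fi
    return 0
}

# Image SRC to DEST as a raw (dd) image, write DEST.sha256 next to it,
# and succeed only when the image hashes the same as the source.
# Plain dd is used deliberately: conv=sync pads the final block and
# conv=noerror alone drops unreadable blocks, both of which change the
# hash; for bad-sector handling use dc3dd/dcfldd or an E01 acquirer.
acquire_raw() {
    src="$1"
    dest="$2"
    ensure_read_only "$src" || return 1
    dd if="$src" of="$dest" bs=1M 2>/dev/null || return 1
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum < "$dest" | cut -d' ' -f1)
    # Sidecar uses the basename so the image can be verified after copying
    # the whole evidence directory elsewhere.
    printf '%s  %s\n' "$img_hash" "$(basename "$dest")" > "$dest.sha256"
    [ "$src_hash" = "$img_hash" ]
}

# Re-check an image against its sidecar at any later point (chain of custody).
verify_image() {
    img="$1"
    (cd "$(dirname "$img")" && sha256sum -c "$(basename "$img").sha256" >/dev/null 2>&1)
}

# usage: acquire_raw /dev/sdb /mnt/evidence/sdb.dd && verify_image /mnt/evidence/sdb.dd
```

Run it on a real device only from boot media whose automounter is disabled; `ensure_read_only` cannot undo a write that already happened while the desktop was mounting the disk.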
 
 
  

Re: SKADI

Post Posted: Wed Aug 15, 2018 10:24 am

- MDCR
<rant>
Not to attack just this, but more of "forensics distros" rant in general:

I'd rather see some sort of bootable CD/DVD/USB distro that focuses on collection and data recovery than some distro put together by some random person with too much free time who thinks that live forensics is the norm. Also, not just focusing on the Linux world with preinstalled tools that need to be started from the media.

ELK? Neo? Are you f-ing kidding me?

A distro that focuses on acquisition to usable, portable file formats, with a wide, multiple selection for each category (i.e. to dump memory, capture network traffic, image disks and external devices such as mobile phones, GPS and drones), would beat any such distro in a heartbeat because it, you know, focuses on reality.
</rant>


It's OK to rant... it's healthy. So I take it you don't like Skadi et al. Yeah, I get what you are saying; just passing on what has been found... might be helpful to students or someone else.

trewmte
Senior Member
 
 
  

Re: SKADI

Post Posted: Wed Aug 15, 2018 10:28 am

- kastajamah
Sounds like Paladin would be a good candidate based on your rant above. I have used it since 2012, and it is a great free tool.

The first post in this string seems more like an advert for SKADI than anything else.

Well, if that is an ad, yours is astroturfing.

Surely trewmte is only sharing a bit of information he has, nothing more, nothing less.

But you can check here to see what masked advertising/astroturfing actually looks like:
www.forensicfocus.com/...-logicube/

@MDCR
Not particularly ranting IMHO, but you surely hit the nail right on the head.

@thefuf
Thanks for the inside look in these matters, very interesting as always.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: SKADI

Post Posted: Wed Aug 15, 2018 11:29 am

- jaclaz
Surely trewmte is only sharing a bit of information he has, nothing more, nothing less.


Yes, thanks jaclaz. Just sharing.

trewmte
Senior Member
 
 

Page 1 of 2