
Newbie requesting advice  

Page 1 / 2
KPryor
(@kpryor)
Member

Hello all,
My name is Ken and I am a police officer in Robinson, Illinois. Our department is small and our town is in a rural area, meaning that budgets are low, especially for high tech stuff. We're lucky we got a grant this year, or we wouldn't even be replacing an aged squad car.

Anyway, the point of the above is this. I am very interested in being able to do forensic work for my department, such as when we confiscate computers related to CP investigations and so on. However, given the above, I have no budget to work with, so I'm going to have to come up with the funds and/or free stuff to do the job if I'm going to do it at all.

At the moment, we send seized computers to the Attorney General's office for forensic work. They do a good job, but being the geek that I am, I want to learn to do this myself and have the reliable results that are admissible in court.

I am looking for training, books and software to achieve this goal. However, as I said before, cost sadly has to be considered. I already have Helix and am learning about it, but am far from capable with the tools it provides at this point.

Am I trying to do too much or can this reasonably be achieved? Any advice would be much appreciated.

KP

Posted : 19/09/2006 4:24 am
Jamie
(@jamie)
Community Legend

Ken,

Welcome to Forensic Focus. Given the correct attitude, dedication and time to learn I think it's certainly possible to achieve this goal (most of us here were probably in the same position at one point). One question though, I know you describe yourself as a "geek" but what does this translate into in practical terms? What "hands on" experience do you have with hardware and software, for example?

Jamie

Posted : 19/09/2006 4:51 am
KPryor
(@kpryor)
Member

Hi Jamie,

Thanks for the welcome! I was really happy to find this site while I was searching for info.

I consider myself reasonably competent with troubleshooting and repairing hardware and software issues in Windows environments. I do computer repair work on the side at home and also work part-time in a local computer store. I'm mostly self-taught, but have taken a couple classes at the local community college on troubleshooting and repair just to reinforce what I've learned through my own study.

I'm a little familiar with Linux, having set up an in-house mail server and web server at the police department, but nothing much beyond that. I've messed around with Knoppix and used it while doing Windows machine repairs as well.

KP

Posted : 19/09/2006 5:07 am
Jamie
(@jamie)
Community Legend

Sounds like a good base to build on. As far as books are concerned you might want to consider those listed at

http://www.forensicfocus.com/computer-forensics-books

to which I still need to add Harlan's Windows IR book, Brian Carrier's "File System Forensic Analysis" and "Real Digital Forensics" by Jones et al. Also, don't be put off by the fact that "Forensic Computing: A Practitioner's Guide" by Tony Sammes and Brian Jenkinson is an old book, I still rate it as essential reading.

Beyond that a course, such as the CCE offered at Kennesaw, might be of interest to you. Best of luck with your endeavours!

Jamie

Posted : 19/09/2006 5:33 am
KPryor
(@kpryor)
Member

Thanks for the information, Jamie. I will start looking into the books on the list and start studying. If you could recommend one particular book for the complete beginner, what might it be? Probably a tough question to answer, but any specific suggestions would be greatly appreciated.

Thanks again for the help. I really appreciate all of the great resources you have on this site.
KP

Posted : 19/09/2006 5:55 am
Jamie
(@jamie)
Community Legend

For the complete beginner who already has some technical background I still recommend "Forensic Computing: A Practitioner's Guide" by Tony Sammes and Brian Jenkinson with the only caveat being that the reader keep in mind that there are newer technologies out there which are not covered in the book. For its approach, clarity and coverage of the major issues though, I don't think it can be beat (others no doubt will disagree - all opinions welcome!)

Jamie

Posted : 19/09/2006 6:10 am
KPryor
(@kpryor)
Member

Thanks Jamie! :)
KP

Posted : 19/09/2006 6:14 am
KPryor
(@kpryor)
Member

I just found a copy of "Forensic Computing: A Practitioner's Guide" on Amazon for $23.98, so I ordered it. Thanks for the recommendation.
KP

Posted : 19/09/2006 6:21 am
Jamie
(@jamie)
Community Legend

No problem, hope you enjoy the book.

All the best,

Jamie

Posted : 19/09/2006 6:29 am
mugwump
(@mugwump)
New Member

Hi,
I am a student studying Computer Forensics at Ferris State University and I would like to suggest a very basic book that seems to give a pretty good base and overview for you to start with. Sometimes it is better to start slowly and make sure this is the way you want to go. The book we use for our class is "Computer Forensics JumpStart" by Michael G. Solomon, Diane Barrett and Neil Broom. I found it to be very easy reading and quite interesting to me. Good luck in your endeavor, my hat is off to you!!

Posted : 03/11/2006 2:47 am
KPryor
(@kpryor)
Member

Thanks Margo, I appreciate the suggestion.
KP

Posted : 03/11/2006 2:48 am
bgrundy
(@bgrundy)
Member

"I have no budget to work with, so I'm going to have to come up with the funds and/or free stuff to do the job if I'm going to do it at all."

Hi KP,
I just saw this thread today, and thought I'd throw in my $.02. I started out in much the same way. I was working in the Ohio AG's office and we wanted a sort of "in-house" capability. Ohio BCI has a computer crimes unit already (an exceedingly good one) and so it was tough to get funding. So I started with an old Compaq desktop disassembled, a copy of Norton DiskEdit, RedHat 6.2 and Ilook.

I say this because you can basically do the same. Linux has come a long way. If you are working on a tight budget, you can set Linux up on most any hardware and use it with free software to do much of your own imaging and analysis. As a Law Enforcement officer, you would have access to a free copy of Ilook Investigator as well for a Windows analysis platform. It includes a robust imaging tool.

http://www.ilook-forensics.org/

I'm partial to sticking with Linux, but for a free solution (and if you prefer Windows), Ilook is nice. The interface is not very intuitive, but there's free-for-LE training available through NW3C:

http://www.nw3c.org/ocr/courses_desc.cfm?cn=ILook%C2%AE

"I'm a little familiar with Linux, having set up an in-house mail server and web server at the police department, but nothing much beyond that. I've messed around with Knoppix and used it while doing Windows machine repairs as well."

If you want more of a background on using Linux for forensics, I'd like to point you to a paper I wrote:

ftp://ftp.hq.nasa.gov/pub/ig/ccd/linuxintro

I've used that paper to teach Linux forensics all over the place. There are hands-on exercises included. It could give you some ideas on where to begin. The version on that server (2.05) is getting old. I have a newer updated version (2.55), used for a recent class in England, that I'm trying to get put up there. The newer version is updated for Slackware and TSK/Autopsy 2.x. If you want 2.55, pm me and I'll send it to you. I'm also working on a complete re-write to be released in a couple of months.

Anyway, I hope some of this helps a little. Forensics *can* be done on a shoestring in the short term. In the long term, however, you need to keep in mind constantly changing hardware requirements, software advances, and most importantly *proper training*. All of these will eventually require some sort of consistent funding. Otherwise you're just dabbling in it. Good luck!

Barry
NASA OIG CCD
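As an added illustration of the "Linux plus free software for imaging" approach Barry describes above (this is an example written for this page, not Barry's code or anything from his paper), here is a minimal acquisition-and-verify routine built from coreutils only. The source "drive" is a constructed sample file so the script runs anywhere; the SOURCE, IMAGE and log path names are assumptions of the example. On a real acquisition the source would be a block device behind a write blocker and the image would go to separate evidence storage; the point is that a free toolchain already gives you the two things a court will ask about: a bit-for-bit copy and a recorded hash that can be re-checked later.

```shell
#!/bin/sh
# Added example: image a source with dd, hash source and image, record the hashes,
# and re-verify the image later. Uses only dd, sha256sum, cut, grep and date.
set -eu

# image_and_verify SOURCE DEST
# Copies SOURCE to DEST, hashes both, writes DEST.log, and returns 0 only when
# the image hash equals the source hash.
image_and_verify() {
    src="$1"
    dst="$2"
    # conv=noerror,sync keeps reading past bad sectors and pads them so offsets
    # in the image stay aligned; bs should divide the source size (true for a
    # 512-byte-sector device and for the 1 MiB sample constructed below).
    dd if="$src" of="$dst" bs=4096 conv=noerror,sync 2>/dev/null
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    dst_hash=$(sha256sum "$dst" | cut -d' ' -f1)
    # Simple acquisition log kept beside the image (hypothetical format).
    {
        echo "source: $src"
        echo "image: $dst"
        echo "sha256 source: $src_hash"
        echo "sha256 image: $dst_hash"
        echo "acquired: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
    } > "$dst.log"
    [ "$src_hash" = "$dst_hash" ]
}

# verify_image DEST
# Re-hashes an existing image against the hash recorded in DEST.log; this is
# the check you repeat before analysis and again before testimony.
verify_image() {
    dst="$1"
    recorded=$(grep '^sha256 image: ' "$dst.log" | cut -d' ' -f3)
    current=$(sha256sum "$dst" | cut -d' ' -f1)
    [ "$recorded" = "$current" ]
}

# Constructed sample evidence: 1 MiB of random bytes standing in for a drive.
WORK=$(mktemp -d)
SOURCE="$WORK/sample_drive.bin"
IMAGE="$WORK/sample_drive.dd"
dd if=/dev/urandom of="$SOURCE" bs=4096 count=256 2>/dev/null

if image_and_verify "$SOURCE" "$IMAGE"; then
    echo "acquisition verified:"
    grep 'sha256 image' "$IMAGE.log"
fi
```

The log is deliberately plain text: the value of the record is that anyone can recompute `sha256sum` on the image and compare it with what was written at acquisition time, and a single changed byte in the image makes `verify_image` fail.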

Posted : 03/11/2006 8:24 pm
KPryor
(@kpryor)
Member

Thanks very much Barry! I downloaded the paper you wrote a few days ago, but I'll pm you for the newer one. It looks like just what I need to get started. I appreciate the advice and assistance.
KP

Posted : 03/11/2006 9:56 pm
farrahyde
(@farrahyde)
New Member

OooOO very nice open source read. Thank you for posting.

Posted : 03/11/2006 10:42 pm
keydet89
(@keydet89)
Community Legend

Barry,

Great read!

Remember…many of the tools I've written run on Perl, regardless of the underlying OS…

H

Posted : 04/11/2006 12:52 am