approved software

 Aine
(@aine)
New Member
Joined: 12 years ago
Posts: 1
Topic starter  

Hi
I'm a second-year student in Digital Forensics. Our lecturer has told us to find hash calculating software, secure disk wiper software (to prepare test drives for analysing) and software write blocker software which is approved by NIST or similar bodies for use in Digital Forensics to use in our assignments. Can you recommend any free software which I can use? I have had no luck finding an approved list online.

Is there a checklist of things to do in an investigation, e.g. step 1 take image, step 2 etc.?

Thank you for any help you can give me.


EricZimmerman
(@ericzimmerman)
Estimable Member
Joined: 13 years ago
Posts: 222
 

Why approved by NIST? You should be the one validating your own stuff, as it will be you, not NIST, on the stand (so to speak) when asked about your work.

DBAN is a good wiping tool that you can boot to.
WinHex is useful for wiping from Windows (and a ton more).

There's a million hashing programs out there. A very easy to use one is CyoHash, http://sourceforge.net/projects/cyohash/. There are better ones, but that will get you started.

Checklists really depend on the organization and what kind of case you are working. The basics will be the same, but isn't that what your courses should cover?


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

…which is approved by NIST…

It may be that your professor wants you to look beyond simple Google searches and actually research this information.

And I did find a good deal of what you were looking for…oddly enough, by doing a simple Google search! 😉 So I may have missed the boat with my first statement.


   
EricZimmerman
(@ericzimmerman)
Estimable Member
Joined: 13 years ago
Posts: 222
 

An interesting comment you made was 'nist or similar bodies.'

I would argue YOU can be that body by testing and articulating your findings. A 1 is a 1 and a 0 is a 0 regardless of who tests it.


   
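One way to do the self-validation EricZimmerman describes in his two replies, as an added example that is not part of the original thread: it checks a hashing routine against the published "abc" test vectors and scans a wiped image for leftover data. The function names are hypothetical, the sample image is constructed, and it assumes the wipe was a single zero-fill pass.

```python
"""Added example: self-validating a hashing routine and a wiped test image."""
import hashlib
import os
import tempfile

# Published known-answer vectors for the message b"abc" (RFC 1321, FIPS 180).
KNOWN_ANSWERS = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}

def hash_file(path, algorithm, chunk_size=1 << 20):
    """Hash a file in chunks so large images do not need to fit in memory."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def validate_hasher(workdir):
    """Return {algorithm: bool}: does hash_file reproduce each known answer?"""
    sample = os.path.join(workdir, "abc.bin")
    with open(sample, "wb") as fh:
        fh.write(b"abc")
    return {alg: hash_file(sample, alg) == want for alg, want in KNOWN_ANSWERS.items()}

def first_nonzero_offset(path, chunk_size=1 << 20):
    """Return the offset of the first non-zero byte, or None if fully zeroed.

    Assumption: the wipe being verified was a zero-fill pass.
    """
    offset = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            if chunk.count(0) != len(chunk):
                return offset + next(i for i, b in enumerate(chunk) if b)
            offset += len(chunk)
    return None

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("hash known-answer tests:", validate_hasher(tmp))
        image = os.path.join(tmp, "wiped.img")  # constructed stand-in for a test drive
        with open(image, "wb") as fh:
            fh.write(bytes(4096) + b"\x7f" + bytes(4095))  # one leftover byte
        print("first non-zero offset:", first_nonzero_offset(image))
```

Recording the script, its inputs and its output alongside the tool version gives you the documented test result you can articulate later.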
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

Great response, Eric. I'm surprised at how often analysts ask questions for which the answer simply requires some minimal action on their part…


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

About wiping: if the device provides internal ATA commands Secure Erase and/or Sanitize, use them.
It will be faster (and approved by NIST).
See:
http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_with-errata.pdf
http://csrc.nist.gov/publications/drafts/800-88-rev1/sp800_88_r1_draft.pdf

I doubt that NIST can/will (ever) "certify" or "approve" a software write blocker 😯 or that it will do so in a timely fashion:
http://www.cftt.nist.gov/software_write_block.htm
At the most it will test it and publish the result, with a disclaimer such as:

It documents results against four top-level tool requirements identified by the specification and several test assertions related to those requirements, describes the testing environment, provides an interpretation of the test results, and includes test results summary log files for numerous test cases. The results provide the information necessary for developers to improve tools, users to make informed choices, and the legal community and others to understand the tools' capabilities.

jaclaz


   
(@kevinma)
Active Member
Joined: 12 years ago
Posts: 5
 

HashTab is one of the hash calculating programs that supports many hash algorithms, such as MD5, SHA1, SHA2:
http://www.implbits.com/hashtab.aspx


   