Creating Forensic Exercise Data  

rhall47
(@rhall47)
Junior Member

I'm putting together training material for our up and coming forensic examiners. I'm trying to make the scenarios as true to life as possible and would like to generate emails for them to locate and recover. Has anyone done this before? I would like the emails to look legitimate and to be dated to match the story line.

I have built a virtual machine and set the system date and time to match the scenario. I have a script for the events and the people involved. But I wanted to create items, including emails, which conceal using all the usual techniques.

But the emails are the difficult bit. I have written emails before and modified them using a Microsoft email editor, but it's easy to miss some of the changes that need to be made.

If anyone has used some kind of tool, it would be great to hear about it.

Kind regards

Richard

Posted : 16/10/2018 2:07 pm
randomaccess
(@randomaccess)
Active Member

Lee Whitfield did a presentation on how he went about generating the scenario for the FOR 500 course

https://www.youtube.com/watch?v=4J8h0t-s61c

It may require you to take some time and write a script if you want it to be properly realistic.

Posted : 17/10/2018 8:26 am
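One way such a script could look, as an added example that is not code from any poster in this thread: it builds a small email thread as .eml files from a scenario table, so that Date, Message-ID, In-Reply-To and References stay consistent instead of being edited by hand. The addresses, time zone and scenario rows are constructed; it writes headers and body only (no Received headers, no mailbox container).

```python
import hashlib
from datetime import datetime, timedelta, timezone
from email.message import EmailMessage
from email.utils import format_datetime
from pathlib import Path

TZ = timezone(timedelta(hours=1))  # assumed scenario time zone (UTC+1)

# Constructed scenario script: (sent, from, to, subject, body, index of parent or None)
SCENARIO = [
    (datetime(2018, 3, 5, 9, 12, tzinfo=TZ), "alice@corp.example", "bob@corp.example",
     "Q1 figures", "Bob, can you send me the draft?", None),
    (datetime(2018, 3, 5, 9, 40, tzinfo=TZ), "bob@corp.example", "alice@corp.example",
     "Q1 figures", "Attached. Keep it between us.", 0),
    (datetime(2018, 3, 5, 10, 2, tzinfo=TZ), "alice@corp.example", "bob@corp.example",
     "Q1 figures", "Got it, deleting the original.", 1),
]

def message_id(when, sender, subject):
    # Derived from scenario data only. email.utils.make_msgid() would embed the
    # real wall-clock time and PID of the generating host in the ID.
    digest = hashlib.sha256(f"{when.isoformat()}|{sender}|{subject}".encode()).hexdigest()[:12]
    return f"<{when:%Y%m%d%H%M%S}.{digest}@{sender.split('@')[1]}>"

def build_thread(scenario):
    messages = []
    for i, (when, sender, rcpt, subject, body, parent) in enumerate(scenario):
        msg = EmailMessage()
        msg["From"], msg["To"] = sender, rcpt
        msg["Date"] = format_datetime(when)
        msg["Message-ID"] = message_id(when, sender, subject)
        if parent is None:
            msg["Subject"] = subject
        else:
            if parent >= i or scenario[parent][0] >= when:
                raise ValueError(f"message {i} is dated before the message it answers")
            p = messages[parent]
            msg["Subject"] = "RE: " + subject
            msg["In-Reply-To"] = str(p["Message-ID"])
            msg["References"] = " ".join(filter(None, [p["References"], p["Message-ID"]]))
        msg.set_content(body)
        messages.append(msg)
    return messages

def write_eml(messages, outdir):
    out = Path(outdir)
    out.mkdir(parents=True, exist_ok=True)
    for n, msg in enumerate(messages, 1):
        (out / f"{n:03d}.eml").write_bytes(msg.as_bytes())
```

The files written this way carry the real creation time in their file system timestamps, so how they are imported into the exercise image still needs to be planned.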
AmNe5iA
(@amne5ia)
Active Member

https://github.com/hannuvisti/forge

This can create similar but different images. So if you have 20 students it can quickly generate 20 different images. Each student gets their own image. Prevents them from copying each other's work blindly.

Posted : 17/10/2018 10:56 am
athulin
(@athulin)
Community Legend

If anyone has used some kind of tool, it would be great to hear about it.

There are tools for application and user interface testing – they typically allow you to start a program, click at various places, enter text, and so on. Never worked with them, but I've seen them in use. Software developers or testers may help. Selenium is fairly well known for web-related testing, which is a bit different than native apps – I think there's a Java tool as well, but the name is gone. SmartBear have something called TestComplete. Don't know a thing about it, but I'm pretty satisfied with the other tools I've used from the same company, so it may be worthwhile.

AutoIT is sometimes used for this, although my impression is that it's more of an automation tool.

I guess that you want to do some kind of master script: on system x at 1200, send a mail. On system y at 1205, read all open mails, and delete them, … and so on. That 'scheduling' I don't know if it's present or if it easily can be added. Particularly not if you want no traces of such tools on each system – another thing testers typically don't care much about – but you don't want to find scheduled jobs in the timeline …

Always fun when students focus on the traces you left behind, rather than what you intended them to work with …

Posted : 17/10/2018 4:43 pm
jaclaz
(@jaclaz)
Community Legend

But the emails are the difficult bit. I have written emails before and modified them using a Microsoft email editor, but it's easy to miss some of the changes that need to be made.

I am not sure I understand the question, maybe you want to use a service *like*

https://www.mailslurp.com/

or are you having issues with creating/managing the contents of the e-mails?

jaclaz

Posted : 17/10/2018 6:01 pm