I've been in DF for about 3 years, only part-time and with no formal computer education, just lots of user experience and a tiny bit of in-house support for a 5-man company for 8 years. Current employer is global with circa 17,000 user accounts (I'm not in the IT dept and am probably resented by most of them)
Mostly self-taught in DF through blogs, SANS etc although I did pass GCFE this year having been on the SANS course.
I've got Ubuntu VM on home PC but would like to know where I can find a really useful (a) Linux primer and (b) list of really useful Linux commands and utilities with regard to DF.
Cheers
There's a ton of stuff available via Google…
http://linuxleo.com/
http//
I'd also look at the SANS SIFT appliance…
…and add to that the book "Digital Forensics with Open Source Tools" (disclosure: I am the minor co-author)
Thanks Harlan. I know there's a ton of stuff if you Google, figuring out what's any use ain't so easy.
Appreciate your input as always, am looking forward to some reading, and practice.
Cheers
Thanks Harlan. I know there's a ton of stuff if you Google, figuring out what's any use ain't so easy.
But that's why you have to look into it.
I know that you're probably looking for input from the community, but looking out across the landscape, you're asking for something that isn't normally freely shared. I'm sure that there are folks out there who've downloaded lots of stuff but either haven't had the time to go through it, or simply wanted it available.
What needs to happen is that more folks within the community need to share this sort of thing.
A very helpful book that several of the people I work with tend to fall back on quite often is
Another book that I've been reading lately is
I work in IA and not DF, but these would still be helpful in DF.
Man pages for the afflib tools -
The Forensics Wiki should have some good stuff - http//
The SANS reading room might have some stuff - http//
Unleash the command line and the world is yours.
To me the command line is the power of Linux especially to work forensics. I would suggest "Beginning the Linux Command Line" by van Vugt.
HOW you use Linux is more important to me than HOW TO
http://linuxleo.com/
I'd also look at the SANS SIFT appliance…
I second this. I set up a machine with SIFT and worked through the guide from linuxleo and found it very helpful - a great way to start linux IMO. You can also just follow the guide from linuxleo (he uses slackware for the examples) without setting up a SIFT workstation. Either way, this guide is a good opener for using linux systems.