Forums
Main Category
General (Technical,...
Linux Forensics Beg...
 
Notifications
Clear all

Linux Forensics Beginner Intro

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by KPryor 17 years ago
10 Posts
7 Users
0 Reactions
1,494 Views
RSS
 bgrundy
(@bgrundy)
Trusted Member
Joined: 19 years ago
Posts: 70
Topic starter 22/10/2007 8:27 pm  

Ladies and Gents,

A new version of the Law Enforcement and Forensic Examiner's
Introduction to Linux, A Beginner's Guide is now available at its new
home

http//www.LinuxLEO.com

Info from the changelog is posted below. Please direct any questions or
correspondence to bgrundy (at) LinuxLEO.com

Barry.

From the Change Log

Version 3.20
-added compression on the fly exercise (for dd).
-added dd over the wire (network acquisition).
-added more detailed Sleuthkit section (commands)
-added TSK NTFS exercises (ADS, deleted files,sorter)
-added deleted file allocation determination and recovery exercise
(TSK/EXT2)
-removed support for Autopsy (I just don't use it anymore-I'll add it
back if
enough people request it).
-added libewf section.
-removed reference to NASA loopback (unsupported)
-added SMART filtering section using NTFS (classroom exercise)
-added SMART search section using EXT (classroom exercise).
-added section on configuring Slackware if a 2.6 kernel version is used
(12.x).

Version 2.55
-added a changelog 😉
-Document is now Slackware centric
-updated to Sleuthkit 2.0x (full disk images and split support)
-updated to Autopsy 2.0x (for use with new TSK)
-formatting changes for readability


   
Quote
Igor_Michailov
 Igor_Michailov
(@igor_michailov)
Honorable Member
Joined: 20 years ago
Posts: 529
22/10/2007 11:54 pm  

Helix for Beginners (BJ Gleason & Drew Fahey)
http//www.e-fense.com/helix/Docs/Helix0307.pdf


   
ReplyQuote
 bgrundy
(@bgrundy)
Trusted Member
Joined: 19 years ago
Posts: 70
Topic starter 23/10/2007 2:11 am  

Helix for Beginners (BJ Gleason & Drew Fahey)
http//www.e-fense.com/helix/Docs/Helix0307.pdf

The document described on page 79 of the Helix guide (and on the Helix disk) is an older version of this doc. What I posted is an update to the guide referenced in the Helix book (which is really good, by the way).


   
ReplyQuote
 kern
(@kern)
Trusted Member
Joined: 20 years ago
Posts: 67
24/10/2007 2:32 pm  

well posted bg,

nice to see it homed on such a clean looking website too ) wtg

Kern

edit typo


   
ReplyQuote
 Jonathan
(@jonathan)
Prominent Member
Joined: 20 years ago
Posts: 878
24/10/2007 3:13 pm  

nice to see it homed on such a clean looking website too ) wtg

Seconded. Very nice and clean site.


   
ReplyQuote
 bgrundy
(@bgrundy)
Trusted Member
Joined: 19 years ago
Posts: 70
Topic starter 05/09/2008 7:31 am  

Updated again.

Version 3.65 is now available at

www.linuxleo.com

Changelog

Version 3.65
-Switched to 2.6 kernel install in intro (Slackware 12.1).
-Added brief section on device detection (by request).
-updated details for recent versions of Linux tools.
-updated Sleuthkit and libewf section to account for changes in install for
TSK > 2.50 (autotools build design).
-moved libewf before TSK to account for lib install
-added section on alternative imaging tools (dc3dd,ddrescue)
-added dls exercises by request (TSK).
-added brief exercise on sigfind (TSK).

questions, suggestions and flames to bgrundy [at] linuxleo.com


   
ReplyQuote
 KPryor
(@kpryor)
Trusted Member
Joined: 19 years ago
Posts: 68
05/09/2008 8:02 am  

Excellent news! Your guide has been extremely helpful to me, Barry. I appreciate your work putting it together.
KP


   
ReplyQuote
s1lang
 s1lang
(@s1lang)
Trusted Member
Joined: 17 years ago
Posts: 98
05/09/2008 3:05 pm  

Very nice )

I'm very interested in the use of Linux in this field
Thank you


   
ReplyQuote
 potatohead
(@potatohead)
Active Member
Joined: 17 years ago
Posts: 6
20/09/2008 10:42 pm  

Barry,

Excellent book, I just passed that link around to my team. I'm an avid Linux user but relatively new to the forensics side of things.

Igor That Helix link is broken, any idea where I might be able to find it?


   
ReplyQuote
 KPryor
(@kpryor)
Trusted Member
Joined: 19 years ago
Posts: 68
21/09/2008 6:54 am  

They just re-did the Helix site in anticipation of Helix 2.0. The iso of the new Helix isn't available for download yet, but should be very soon. The doc for it can be found on the support page at http//www.e-fense.com/helix/Docs/Helix0307.pdf .
KP


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: