Before anyone starts: yes, I did try Google. It only came up with a lot of old stuff, links to the Windoze Sleuthkit (I'm using Linux), and a tutorial from Anti-Online that wouldn't open. Can anyone point me in the right direction?
I'd suggest that if the wiki isn't something that you find useful at this point, try the mailing list
http//
They may be able to provide you with a great deal of help.
Harlan
Not to advertise, but at the SANS Security508 (forensics) class we teach The Sleuthkit tools. The course DVD does include demo/freeware versions of some commercial tools, but the course is taught primarily with various open source tools. (The open source tools demonstrate concepts such as file system layer abstractions quite nicely.) If you're interested in this route, contact me offline (pm or email).
Alternatively, Brian Carrier's "File System Forensic Analysis" book explains a lot of background and foundational file system theory. You might also want to look at some of the Honeynet SOTM (Scan Of The Month) challenges.
I've learned how to use Autopsy on my own box. But I can only find files if I know the path, the directory, and the name of the file I'm looking for. Does anyone know how to just randomly search with it?
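Autopsy is a front end to The Sleuth Kit, and the usual way to search an image when you do not know a file's path is to list every file recursively with `fls -r -p` and then grep that listing (deleted entries show up too). The script below is an added example for this thread, not code from any of the posters or from the Sleuth Kit project: it parses a saved `fls -r -p` listing, searches it by regular expression, and prints the `icat` command that would recover each hit. The sample listing, the image name `image.dd` and the partition offset `63` are constructed for the demo.

```python
"""Find files in a disk image by name pattern without knowing their path.

Added example (not from the thread). Generate the input with The Sleuth Kit:

    fls -r -p -o <partition sector offset> image.dd > listing.txt

then run:  python search_fls.py 'pass|key' listing.txt
With no arguments it searches the constructed SAMPLE_LISTING below.
"""
import re
import sys
from dataclasses import dataclass

# One `fls -r -p` line looks like this (a tab separates the colon and the path):
#   r/r 12-128-1:<TAB>Documents/budget.xls       allocated regular file
#   r/r * 13-128-4:<TAB>Documents/resume_OLD.doc '*' marks a deleted entry
#   d/d 5-144-1:<TAB>Documents                   directory
# The metadata address is "12" on ext2/3 and "12-128-1" (MFT entry, attribute
# type, attribute id) on NTFS; both are accepted by icat unchanged.
FLS_LINE = re.compile(
    r"^(?P<ftype>[^\s/]/[^\s/])\s+(?P<deleted>\*\s+)?(?P<inode>[\d-]+):\s*(?P<path>.*)$"
)

# Constructed sample listing for the demo; not output from a real image.
SAMPLE_LISTING = """\
d/d 5-144-1:\tDocuments
r/r 12-128-1:\tDocuments/budget.xls
r/r 14-128-1:\tDocuments/notes.txt
r/r * 13-128-4:\tDocuments/resume_OLD.doc
d/d 20-144-1:\tUsers/alice
r/r 33-128-1:\tUsers/alice/keys.pem
r/r * 35-128-1:\tUsers/alice/passwords.txt
-/r * 101:\t$OrphanFiles/OrphanFile-101
"""


@dataclass(frozen=True)
class Entry:
    ftype: str    # directory-entry type / metadata type, e.g. "r/r", "d/d", "-/r"
    inode: str    # metadata address as printed by fls
    path: str     # full path relative to the file system root
    deleted: bool # True when fls flagged the entry with '*'


def parse_fls(text: str) -> list[Entry]:
    """Parse `fls -r -p` output; unparseable lines are skipped, not fatal."""
    entries = []
    for line in text.splitlines():
        m = FLS_LINE.match(line)
        if not m:
            continue
        entries.append(Entry(m["ftype"], m["inode"], m["path"],
                             m["deleted"] is not None))
    return entries


def search(entries, pattern, include_deleted=True, files_only=True):
    """Return entries whose path matches `pattern` (case-insensitive regex)."""
    rx = re.compile(pattern, re.IGNORECASE)
    hits = []
    for e in entries:
        if files_only and not e.ftype.endswith("r"):
            continue                      # skip directories, links, etc.
        if e.deleted and not include_deleted:
            continue
        if rx.search(e.path):
            hits.append(e)
    return hits


def icat_command(image, offset, entry, out_dir="recovered"):
    """Build the Sleuth Kit command that extracts the hit by metadata address."""
    name = entry.path.rsplit("/", 1)[-1]
    return f"icat -o {offset} {image} {entry.inode} > {out_dir}/{name}"


if __name__ == "__main__":
    pattern = sys.argv[1] if len(sys.argv) > 1 else r"pass|key"
    listing = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_LISTING
    for e in search(parse_fls(listing), pattern):
        state = "DELETED" if e.deleted else "alloc  "
        print(f"{state} {e.inode:>12} {e.path}")
        print("    " + icat_command("image.dd", 63, e))  # offset 63 is assumed
```

This searches names only. To search file contents for a keyword, extract the unallocated or allocated blocks with `blkls`, run `strings`/`grep` over them, then map a hit's block back to a metadata address with `ifind -d` and to a file name with `ffind`; the allocation status shown by `fls` tells you whether `icat` will recover a live file or a deleted one whose blocks may already be partly overwritten.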
ftp//
An updated version with more Sleuthkit exercises and new NTFS exercises (using Sleuthkit) is currently under review and due to be released in the coming weeks.
Barry
NASA OIG CCD