Hey
I am looking to start experimenting with open source tools in my private time. At the LE agency I work at, we use WinHex and FTK. I personally feel I am limiting myself by knowing only those programs. I am looking to install a platform to work on, which will be Linux; I am looking for suggestions on which flavor you find works best and what tools you would suggest for a newbie to Linux to use.
?
An admirable idea.
Jonathan
Have you considered the SANS SIFT Workstation? It's a Linux distro, with a great deal of the available tools already set up and configured for use, and a great way to get started.
Hey Guys
I have SIFT on my machine at work, and will continue on with it and appreciate the info. Keydet, I did mail you; I do not know if you received it yet.
Vee
Don't know… to which address did you send it?
SIFT and Caine are great ways to have a large collection of open source tools all in one go.
However, if you are looking to put together your own collection, or are just looking to step outside the SIFT/Caine comfort zone, I would recommend the book Digital Forensics with Open Source Tools and the website linuxleo.com.
Here are some links to tools to experiment with:
http//
http//
http//
You can also scan the various discussions regarding OS tools on this forum.
I'm finding the new clean-room Java version of Autopsy 3 to be a nice miracle. Not only can it read Expert Witness Format images, but it can also read HFS+. The WinHex Specialist copy I paid for can't do either of those; in fact, the CEO of X-Ways sent me a not-so-nice email when I asked him if this would ever be supported in the Specialist copy - something about how he needed to get paid and his product is better. I mean, wow - what an ego.
The new Autopsy 3 runs in WINDOWS. You heard it right - my copy ran fine on Windows 7 (64-bit). I suggest you check it out:
http//
For Ubuntu, I found DEFT 7.1 to have excellent support for hardware, and a huge selection of open source imaging tools, including the ability to image to 2 devices simultaneously. Paladin and Helix are also 2 other Ubuntu-based live CDs that you can work with (DEFT is still my favorite, though). YMMV.
People have listed excellent tools and distributions, but maybe you will find a few books useful:
Digital Forensics with Open Source Tools
By Cory Altheide; Harlan Carvey
Publisher: Syngress
Pub. Date: April 14, 2011
http//
and
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
By Michael Hale Ligh; Steven Adair; Blake Hartstein; Matthew Richard
Publisher: John Wiley & Sons
Pub. Date: November 02, 2010
Print ISBN: 978-0-470-61303-0
Web ISBN: 0-470613-03-3
http//
There were some problems with downloading SIFT from SANS, but I think it works now.