I have to apologize, but I am still confused about the forensic standard issue of Linux distros & open source software. Would you be so kind as to provide a link or reference to such. Thank you.
There really isn't one for us who understand forensics.
The issue is education on a corporate level across departments that are nowhere near as computer savvy, when they are the ones who approve the use of all equipment, software, etc.
Basically, if the software or equipment isn't a huge mainstream or expensive solution, these departments will not authorize it because they are afraid to have a serious litigation be based off something free.
THIS IS NOT WHAT I BELIEVE.
I'm trying to work around those who tell me what I can and cannot do when they don't understand the capabilities of any software or even the parameters of the job at hand.
Sorry for the confusion.
Ehuber, I want to address your question. I currently work for a Fortune 100 company on the Digital Forensics side of the Enterprise Information Risk Management area. I personally have a tool kit with Linux distros which I love, but HR, the paralegal team and even my boss do not approve of me using these tools. As I understand it, they do not want anything being used that the government wouldn't use.
I can tell you, for certain, that the government uses Macs, Linux, and Open Source software for digital investigations. EnCase and FTK are not the only tools in the shed.
AGAIN, this is according to what they know. A Fortune 100 HR manager is not going to know much of anything beyond FTK and EnCase. I understand that they meet a forensic standard, and as long as you know how and why you are doing what you're doing, that is what is ESSENTIAL!
I (and, presumably, others), have no idea what is meant by a "forensic standard" in terms of a tool or technology used in digital forensics. Outside of their ability to make bit-for-bit (a misnomer) copies of storage media (and, not in every case), neither product is a replacement for a skilled examiner. In point of fact, both of those products have had KNOWN problems with certain functionality which could interfere with the veracity of any conclusions based upon these known issues.
In addition, anyone with a big pocketbook can buy the software. Since I use (and license) both products (and others), I don't mean to disparage either company, however, the point is that sales/use is not restricted to credentialled users.
So really I understand that these tools meet every standard they must and I prefer them for many applications.
Is "bias" a standard?
Corporate America does not recognize the fact that open source isn't the source of all evil, and therefore they have locked down any chance of using that software on anything unless it is an absolute necessity.
Hmm. You might point out that Internet Explorer was originally based on NCSA Mosaic. Or that Oracle now sells (and develops on) its own Linux. What about the embedded Linux OS in most wireless access points, DSL/cable modems and retail network attached storage devices?
The fact is that MANY successful commercial products are based upon Open Source software, and I'd go so far as to say that I doubt that any business using information technology today does not have at least one Open Source powered device/application in house, whether they know it or not.
Got an iPod, iPad or iPhone and you are running an OS based upon CMU's Mach kernel.
Finally, I might point out that I have Linux-based devices which I have not had to reboot in over three years. I doubt that I have a Windows-based system that has been running much more than three weeks without a restart.
Let me second what Sean said, and tell you that I know hundreds of CF guys in government / LEO jobs in multiple countries who have a Linux forensic CD in their toolkit. There are a number of FOSS tools for CF that were actually developed by govt types, such as PyFLAG made by the Australian DoD, and non-open source, but otherwise free, tools like iLook before it was de-funded by the Treasury.
If someone believes that government types only use the big name tools, they are likely listening to the hype of the companies who make those tools, and not the government departments. I've lost count of the number of times I've seen LEO types ask for a free solution to a specific issue because "the price is right", and I don't hear complaints from those who don't ask specifically for a free / open source solution when you give them one.
Oh, and Mac OS X is built on FreeBSD, an open source operating system out of Berkeley. I know a ton of guys who have a MacBook in their arsenal for examinations.
Well, actually, OS X employs a Unix microkernel architecture which was pioneered and inspired by Mach and FreeBSD uses the Mach virtual memory architecture. OS X incorporates features from FreeBSD, especially networking and user space, but the Apple developer site still lists Mach as the foundation for the kernel.
Malvakian,
I work for the UK Government, the MoD, and we use Linux distros to image discs.
We use Helix, Raptor, SPADA (as suggested by Patrick), and FCCU. We take DD images, and use Encase, FTK and Netanalysis to analyse the files.
Cheers,
I currently work for a fortune 100 company on the Digital Forensics side of the Enterprise Information Risk Management area.
So it's a corporate standard you are referring to. Then you better have something more in the way of an argument that you like the tools you want to use. Personal preferences are not likely to impress anyone. Saving time/money usually works. But you also need to understand why the decision was made in the first place, and you need to address that point as well. The ramifications of these kind of standards are not always obvious to the eye, and you need to know what they are.
Sometimes these standards are misinformed – like a cabling standard that calls for network cables of a colour that cannot be obtained over the counter, so you must place a *huge* special order with a company elsewhere in the world. But sometimes they have evolved from earlier failures – if that should happen to be the case here, you better know about it. For instance, if a previous employee did use Linux tools on a case, and it failed because of something connected to that choice, you better know about it, and address that point as well.
One reason could easily be the question of maintaining competence if you start to use some unusual tools, and suddenly decide to leave … where will that leave those who have to take over after you? Maintaining poorly chosen competence can be expensive, and if the department budget doesn't allow for such excesses, departures in such directions will not be welcomed.
I feel like everyone here believes I am an idiot....
Everything being said, I already know; I am speaking from the point of view of those in charge of me....
I know I need a background reason besides "I like the tools", I know what the government really uses, and I know that any software in the hands of the right user can be used very effectively.
Everything I am writing is through the apparent view of my superiors, and what I am trying to get across is how confused they are, not that I am completely incompetent....
Don Quixote said it best, "Facts are the enemy of truth." Sounds like your superiors should consider running for political office.
Considering your situation
- 20 years old
- 5 weeks on the job
- Fortune 100 company
- Established way of doing things (i.e. "corporate standard")
…my advice to you–and hopefully this doesn't come off as too patronizing–is to shut up and work hard at doing things according to the corporate standard, rather than trying to change things right off the bat. At the same time, keep learning all these other tools in your free time and comparing results to the corporate standard.
You don't have to wait forever to seek change, but, as generic career advice, just focus on doing a good job with the grunt work. Over time you'll learn about the personalities in your office and what's important to the different stakeholders and departments. You'll have an easier time tailoring your arguments to them, and you'll have established your own credibility.
Jon
That is exactly what I am doing, but I am also trying to educate at the same time. I'm simply trying to broaden their understanding of forensics while doing all of the grunt work and doing everything without question. I am by no means trying to upheave the system and change everything as some headstrong young gun. I am simply attempting to broaden their understanding of the field, but thank you for the advice.