Windows Workflow vs Linux Workflow

24 Posts
8 Users
0 Reactions
4,283 Views
(@chroberts39)
Eminent Member
Joined: 16 years ago
Posts: 25
Topic starter  

I am looking to compare Windows workflow vs Linux workflow, both against a Windows target.

Does anyone have a good guide / reference to either or, for reading?

Any help appreciated.

Colin


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

I am looking to compare Windows workflow vs Linux workflow, both against a Windows target.

Workflow for WHAT exactly?

Post an example of what you mean for "workflow" (either the "Windows" or the "Linux" one with which you are familiar).

I mean, whatever the scope is, the "theoretical" workflow remains the same, tools used or "practical workflow" may differ.

jaclaz


   
(@krishna)
Trusted Member
Joined: 17 years ago
Posts: 47
 

Hi all,

I have a case where the hard disk is protected with a password. I wanted to image it using Forensic Dossier, but it says the hard disk is locked, unlock to continue. If I connect it to the system, it shows the disk, but the disk will not mount in a Windows environment. I tried to clone it using Cain, but it does not proceed further, showing lots of bad sectors, and the time is indefinite. Any solutions for bypassing the password while protecting the integrity of the disk, and imaging it for further analysis? Thank you.


   
(@chroberts39)
Eminent Member
Joined: 16 years ago
Posts: 25
Topic starter  

By workflow, I refer to the steps one would take to acquire, verify and interrogate a disk image for evidence of some incident/crime. Hope this clears it up.


   
(@bithead)
Noble Member
Joined: 20 years ago
Posts: 1206
 

By workflow, I refer to the steps one would take to acquire, verify and interrogate a disk image for evidence of some incident/crime. Hope this clears it up.

The steps to acquire and verify a single HDD are the same no matter the OS. As far as "interrogating", there are whole books (and more books) written on the subject. And depending on the incident/crime what an examiner would look for is quite different.

If an examiner were looking for evidence of theft of trade secrets the items of interest are likely to be quite different than what an examiner would look for on the computer of a subject suspected of trying to cover up a murder-for-hire plot. Sure both may include looking at communications, however the differences are far greater than the similarities in what would likely be substantive.


   
(@a-nham)
Eminent Member
Joined: 11 years ago
Posts: 32
 

The steps needed for acquisition are about the same for Windows and Linux; it is usually more a matter of whether you prefer open source or paid support. The actual count of steps required depends more on the programs than on the OS. Lastly, different interrogation tools may make acquisition/inquisition faster or more detailed, depending on how the product works and what you want. Think how few steps dd is, but also how it is limited to acquisition and not interrogation. It is all a matter of personal preference rather than efficiency, though some actions are a bit faster on one OS than another, but that is due to the program, not the OS.


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

… it is usually more a matter of whether you prefer open source or paid support.

To be picky (as I actually am) there are also cases of "paid, no support" 😯

jaclaz


   
HexDrugsRockNRoll
(@hexdrugsrocknroll)
Trusted Member
Joined: 17 years ago
Posts: 60
 

To be picky (as I actually am) there are also cases of "paid, no support" 😯

jaclaz

It's at times like this we need a 'Like' button.


   
(@chroberts39)
Eminent Member
Joined: 16 years ago
Posts: 25
Topic starter  

Thanks to everyone for their response so far. If I can clarify a bit more as to what I am trying to achieve here.

I am looking to consider the workflow, or procedure if you like, of a Windows-based examination of a Windows machine, which will include everything from acquisition to reporting, including the steps taken and tools used. I then have to devise a similar workflow for using a Linux distro (any one) to conduct the same examination. I then want to compare the two workflows and consider the pros and cons of each.

Because this is a uni assignment, I do not wish for anyone else to do the work for me (that is my job), but what I was looking for was a number of sources that already exist, including people's views on existing Linux-based workflows for conducting a forensic examination of a Windows PC. One example here would be to contrast EnCase or FTK vs dd, dcfldd etc…

So, if you have experience of both workflows and in particular the 'batting order' of tasks within Linux, then I would be keen to discuss your views, any reference sources and then conduct my own experiments to validate and propose a Linux based examination methodology and workflow.

Hope this is not too detailed.

Cheers,


   
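bithead's point that acquiring and verifying a single HDD is the same regardless of OS, a-nham's remark about how few steps dd needs, and the "batting order" of a Linux workflow asked for above can be shown in one script. The following is an added example, not code posted by anyone in this thread: a minimal acquire-then-verify sequence using only dd and sha256sum. So that it runs offline, the "device" is a constructed 1 MiB file of random bytes; on a real case SRC would be a block device (something like /dev/sdb) attached behind a write blocker, and the file names, paths and the 4096-byte block size are assumptions. dcfldd is not used because it is not installed everywhere; where it is, it can hash inline during the copy, which collapses the separate hash step.

```shell
#!/bin/sh
# Added example (not from the thread): Linux acquire-and-verify workflow
# using dd + sha256sum against a constructed sample "device" (a regular
# file). Paths, names and block size are assumptions for illustration.

# Build a constructed evidence "device": 1 MiB of pseudo-random bytes.
make_sample_device() {
    dev="$1"
    dd if=/dev/urandom of="$dev" bs=1024 count=1024 2>/dev/null
}

# Acquire: bit-for-bit copy of the source to an image file.
# conv=noerror,sync keeps dd going past read errors and pads each
# unreadable block with zeros so the image stays sector-aligned; a
# resulting hash mismatch is how you learn the source had bad sectors.
acquire_image() {
    src="$1"; img="$2"
    dd if="$src" of="$img" bs=4096 conv=noerror,sync 2>/dev/null
}

# Print only the SHA-256 digest of a file.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# Verify: hash source and image independently and compare.
# Prints both digests; returns 0 on match, 1 on mismatch.
verify_image() {
    src="$1"; img="$2"
    src_hash=$(sha256_of "$src")
    img_hash=$(sha256_of "$img")
    printf 'source: %s\nimage:  %s\n' "$src_hash" "$img_hash"
    [ "$src_hash" = "$img_hash" ]
}

# Byte length of a file, whitespace stripped (wc pads on some systems).
file_size() {
    wc -c < "$1" | tr -d ' '
}

# End-to-end: create sample device, image it, verify, write a short
# acquisition log. Prints the work directory; returns verify's status.
run_workflow() {
    work=$(mktemp -d)
    make_sample_device "$work/evidence.bin"
    acquire_image "$work/evidence.bin" "$work/evidence.dd"
    if verify_image "$work/evidence.bin" "$work/evidence.dd" > "$work/acquisition.log"; then
        rc=0
    else
        rc=1
    fi
    printf 'image bytes: %s\nverified: %s\n' \
        "$(file_size "$work/evidence.dd")" "$rc" >> "$work/acquisition.log"
    echo "$work"
    return $rc
}
```

The order of operations is the part worth comparing with a GUI tool: hash the source, copy, hash the image, record both digests next to the image. A tool such as EnCase or FTK Imager does the same four things behind one dialog; the shell version makes each step, and its evidence log, explicit.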
jhup
(@jhup)
Noble Member
Joined: 16 years ago
Posts: 1442
 

… it is usually more a matter of whether you prefer open source or paid support.

To be picky (as I actually am) there are also cases of "paid, no support" 😯

jaclaz

And, to further the nitpicking, one primary F/OSS monetizing solution is paid support.

"paid, no support" is more of a commercial venture.

But, we digress as usual.


   