Santoku Linux for Mobile device forensics

You can try out Santoku Linux for mobile device forensics. Forensics procedures may be slightly different for mobile devices when compared to computers.

Microsoft Windows and malware (duqu)

Facts have proven time and again, that Microsoft Windows is inherently insecure, whatever may be told to the world about it’s security having improved over the years. In fact, those who get infected on account of these defects should take the battle to Microsoft and demand compensation. Though there are other technical controls within their . . . → Read More: Microsoft Windows and malware (duqu)

Recover data and deleted files using testdisk and PhotoRec

You can use testdisk and Photorec from to recover missing files from your SD Cards. There are other tools at too.

You can also install it from your distribution’s repository. It is a part of some digital forensics tools.

In Ubuntu 14.04 open up the Software Manager and look for photorec. When retrieving . . . → Read More: Recover data and deleted files using testdisk and PhotoRec

Data Recovery in Linux

# sudo apt-get install ddrescue

Connect the disk whose data is to be recovered to the computer.

# sudo dd_rescue /dev/sdb diskimage.img # mount -t ext3 -o loop diskimage.img /mnt/tmp

/dev/sdb will vary depending on the devices connected on the computer.

Forensics Distribution / Resources in Linux

Try Backtrack 4 and Knoppix-STD. Both are good to perform forensic analysis of computer systems.

You can get lots of information from CMU-SEI which is the First Responders Forensics Guide, and you can also get literature from the internet. WinHex is a program that does forensic analysis in Windows.

The web page by Gary Kessler . . . → Read More: Forensics Distribution / Resources in Linux

Install Forensics Tools on Fedora

Visit URL to download the rpm for th eCERT-Forensics repository.

Install it and then give command: # yum install CERT-Forensic-Tools This will install all the Linux forensics tools onto your Fedora system.

Forensic Tools Live CD knoppix Penguin Sleuth Helix from At knoppix prompt, type knoppix 2 noswap # mount -ro /dev/hda1 /mnt/hda1 # mount -rw /dev/uba1 images ‘mount new drive # md5sum /dev/hda1 > /images/dataorig.txt # dd if=/dev/hda1 of=/images/dataorig.img # md5sum /images/dataorig.img > /images/copy.txt Compare the md5 sums. If same, then you have an identical copy.

. . . → Read More: Forensic Tools

Criminal interrogation techniques / forensic books

NIST 800-86, 800-34, 800-30, 800-55 and Autoscan software licence tools BSA site also has tools. – Threats Interrogation Books Principles of kinesic interview and interrogation techniques by Stan Walters CRC Press. Influence – Science and practice by Rober Cialdini Essentials of the Reid technique Criminal interrogation and confessions by Joseph Buckley.

Good books on Security

Linux Security Audit and Control Features Antihacker Toolkit 3rd edition Practical Unix and Internet Security 3rd edition Fraud Auditing and Forensic Accounting 3rd Edition Implementing Database Security and Auditing Grey Hat Hacking Ethical Hackers Handbook.

Computer Forensics

The Coroners Tool kit

October 2019
« Sep