Table of Contents
A Day of Cyber Investigation
Who is Fred Cohen?
Outline of the Day
Digital Forensics in Unix with ForensiX
Outline of this section...
Digital Forensics now playing at The University of New Haven
Class Outline and Overview
Let's get on-line
The Setup
Files
Digital Forensics with ForensiX
Outline
What ForensiX is and does
What ForensiX Does
The ForensiX Process
Image data from the media
Assure the integrity of the imaged data
Examine the imaged data in raw form
Mount images and examine them as file systems
Examination of File Systems
File System Examination
Otherwise process images
Provide documentation
How to use ForensiX
Getting started
How the Screen Looks
The Four Screen Areas
Imaging disks
What happens:
Example: Image 100 floppies
Imaging other media
Imaging Big Things
Imaging to disk partitions & tapes
Imaging to CD ROMs
Imaging files to tar tapes
Imaging IP traffic
What IP imaging does
Direct image analysis
Direct disk image analysis
Example Direct Analysis
Search Results
Another search
Search Results
Direct TCP dump analysis
Results of the search
Mounting and using images
The results of the mount
What can go wrong
Other errors
Analysis of mounted images
Automated search for strings and regular expressions
Example Search
The same search: binary mode
Regular expression searches
Search plug-ins
Rapid review of graphic image files by the user
Excluding ‘known good’ files
Review file-by-file
Listings of file details
Tracer functions
Tracing IP information
Checking for exploits
Checking the password file
Other tracer functions
Analysis of TCP Data
Search TCP for ‘Password’
Audits, assurance, documentation, and replay
Presentation
How to get more help
Free ForensiX CDs
Some notions of doing forensics under Unix
More Benefits of Unix
Break time