CS 381.3 Forensic Computing, Fall 2007
Here you may find things relevant to this class.
Announcements
12/11: Process Tree
Here is the graph, with these commands.
11/27: Memory Image
Try this image. Here is the md5sum info.
You will need XML::Writer for ptfinder. Unzip the package as usual and then type:
$ perl Makefile.PL
$ make install
11/20: Memory analysis
Vadtools
Volatility
Ptfinder
Graphviz
For encrypted zip files use: PicoZip
11/1: Extracted files
Here they are.
10/23: File Signatures
This website might help you to discover files based on headers.
Another thing that might help you is jphide [Windows] [Source Code].
10/21: Another Practice
Try this image in lab. It is a continuation of the first image case, and here is the report.
10/19: /dev files
I have now zipped up the /dev files for you to use with Cygwin. You can find them here: dev.zip
You can see an example of finding the passwords and usernames in the traces here: Telnet/FTP connection
Also, try this Perl script for extracting the files from the network traces: chaosreader.pl. You can find more information about this tool at: chaosreader.sourceforge.net.
It works better than the other tool I told you about; however, it doesn't extract everything...
10/18: Practice #2
Download image 2
10/11: Practice #1
Download image 1 and the questions, and we will work on this in class.
8/29: Listserve
You can join the listserve for the class. It will allow us to keep in touch,
ask questions and make announcements. The link is above, or you can use the below
to sign up: