CS 381.3 Forensic Computing, Spring 2008
	
	Here you may find things relevant to this class. 
Class Information: Books, policies and more.
Links: Links to tools and other interesting things.
Books: Suggested reading [not mandatory].
Class Schedule: Tentative class schedule [with readings listed].
Class Listserve: Listserve for class discussion.
Code Examples: Extra code examples.
Blog: Class blog with extra notes, etc.
Linux Tutorial: Brief introduction to Linux.

Announcements

Just in case you are interested, there is a conference coming up soon: HOPE, given by 2600. There are tons of interesting talks. It should be interesting.




4/29: Image
image, md5 of zip, md5 of image

4/15: Practice #2
Download image 2 with md5sums and questions

files for stegdetect

image 3 and md5sums

jphide

4/10: Practice #1
Download image 1 and the questions and we will work on this in class [md5sum].

4/8: DFRWS Challenge
See the challenge here
mork.pl modified for datetimes

3/21: Elf analysis

3/4: Network tools


2/26: Wireshark Labs
Wireshark labs

Forensic Logs

chaosreader.pl

For encrypted zip files use: PicoZip



2/13: Memory Analysis
XML Writer
$ perl Makefile.PL
$ make install
Here is an extra memory image for analysis (XP). Here is the md5sum file for the tar.gz and the image file. We will also use the image that comes with the book (2K).


2/6: HW 1
Homework 1 is due 2/19.

2/4: Sleuthkit/Autopsy Fix
I have added a fix for Sleuthkit on the blog. There are also some installation instructions for the other tools we installed. Also, someone added a page to the listserve (thanks) with a link that may help some of you: http://www.sleuthkit.org/sleuthkit/docs/lucas_cygwin.pdf. I had meant to post this link before, but forgot. Actually, most students haven't had much trouble with basic installation as we did in class in the past... Just in case though, I'm glad that it was brought to my attention that some extra help may be needed. Let me know if you have any more problems.

Also, I'm going to change the schedule a bit. We are going to do live Windows forensics tomorrow and we'll move the buffer overflow / honeypot discussion to after we discuss Linux memory and live forensics.

1/30: Cygwin Installation
Here are instructions for the Cygwin Installation.

1/29: Listserve
You can join the listserve for the class. It will allow us to keep in touch, ask questions and make announcements. The link is above or you can use the below to sign up:

Google Groups
Subscribe to QC Forensic Computing





Jamie L. Levy
Computer Science Department
Queens College, CUNY