A Day of Cyber Investigation


Table of Contents

A Day of Cyber Investigation

Who is Fred Cohen?

Outline of the Day

Digital Forensics in Unix with ForensiX

Outline of this section...

Digital Forensics now playing at The University of New Haven

Class Outline and Overview

Let's get on-line

The Setup


Digital Forensics with ForensiX


What ForensiX is and does

What ForensiX Does

The ForensiX Process

Image data from the media

Assure the integrity of the imaged data

Examine the imaged data in raw form

Mount images and examine them as file systems

Examination of File Systems

File System Examination

Otherwise process images

Provide documentation

How to use ForensiX

Getting started

How the Screen Looks

The Four Screen Areas

Imaging disks

What happens:

Example: Image 100 floppies

Imaging other media

Imaging Big Things

Imaging to disk partitions & tapes

Imaging to CD ROMs

Imaging files to tar tapes

Imaging IP traffic

What IP imaging does

Direct image analysis

Direct disk image analysis

Example Direct Analysis

Search Results

Another search

Search Results

Direct TCP dump analysis

Results of the search

Mounting and using images

The results of the mount

What can go wrong

Other errors

Analysis of mounted images

Automated search for strings and regular expressions

Example Search

The same search: binary mode

Regular expression searches

Search plug-ins

Rapid review of graphic image files by the user

Excluding ‘known good’ files

Review file-by-file

Listings of file details

Tracer functions

Tracing IP information

Checking for exploits

Checking the password file

Other tracer functions

Analysis of TCP Data

Search TCP for ‘Password’

Audits, assurance, documentation, and replay


How to get more help

Free ForensiX CDs

Some notions of doing forensics under Unix

More Benefits of Unix

Break time

Author: User3