Linux Forensics Beginner Intro

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.

Linux Forensics Beginner Intro

Post Posted: Mon Oct 22, 2007 1:27 pm

Ladies and Gents,

A new version of the Law Enforcement and Forensic Examiner's
Introduction to Linux, A Beginner's Guide is now available at its new
home:

www.LinuxLEO.com

Info from the changelog is posted below. Please direct any questions or
correspondence to bgrundy (at) LinuxLEO.com

Barry.

From the Change Log:

Version 3.20
-added compression on the fly exercise (for dd).
-added dd over the wire (network acquisition).
-added more detailed Sleuthkit section (commands)
-added TSK NTFS exercises (ADS, deleted files, sorter)
-added deleted file allocation determination and recovery exercise (TSK/EXT2)
-removed support for Autopsy (I just don't use it anymore - I'll add it back if enough people request it).
-added libewf section.
-removed reference to NASA loopback (unsupported)
-added SMART filtering section using NTFS (classroom exercise)
-added SMART search section using EXT (classroom exercise).
-added section on configuring Slackware if a 2.6 kernel version is used (12.x).

Version 2.55
-added a changelog ;)
-Document is now Slackware centric
-updated to Sleuthkit 2.0x (full disk images and split support)
-updated to Autopsy 2.0x (for use with new TSK)
-formatting changes for readability  

bgrundy
Senior Member
 
 
  

Re: Linux Forensics Beginner Intro

Post Posted: Mon Oct 22, 2007 4:54 pm

Helix for Beginners (BJ Gleason & Drew Fahey)
www.e-fense.com/helix/...ix0307.pdf
_________________
Computer, Cell Phone & Chip-Off Forensics

linkedin.com/in/igormikhaylovcf 

Igor_Michailov
Senior Member
 
 
  

Re: Linux Forensics Beginner Intro

Post Posted: Mon Oct 22, 2007 7:11 pm

- Igor_Michailov
Helix for Beginners (BJ Gleason & Drew Fahey)
www.e-fense.com/helix/...ix0307.pdf


The document described on page 79 of the Helix guide (and on the Helix disk) is an older version of this doc. What I posted is an update to the guide referenced in the Helix book (which is really good, by the way).  

bgrundy
Senior Member
 
 
  

Re: Linux Forensics Beginner Intro

Post Posted: Wed Oct 24, 2007 7:32 am

well posted bg,

nice to see it homed on such a clean looking website too :) wtg

Kern

edit: typo  

Last edited by kern on Wed Oct 24, 2007 8:37 am; edited 1 time in total

kern
Senior Member
 
 
  

Re: Linux Forensics Beginner Intro

Post Posted: Wed Oct 24, 2007 8:13 am

- kern


nice to see it homed on such a clean looking website too :) wtg



Seconded. Very nice and clean site.  

Jonathan
Senior Member
 
 
  

Re: Linux Forensics Beginner Intro

Post Posted: Fri Sep 05, 2008 12:31 am

Updated again.

Version 3.65 is now available at

www.linuxleo.com

Changelog:

Version 3.65
-Switched to 2.6 kernel install in intro (Slackware 12.1).
-Added brief section on device detection (by request).
-updated details for recent versions of Linux tools.
-updated Sleuthkit and libewf section to account for changes in install for TSK > 2.50 (autotools build design).
-moved libewf before TSK to account for lib install
-added section on alternative imaging tools (dc3dd, ddrescue)
-added dls exercises by request (TSK).
-added brief exercise on sigfind (TSK).

questions, suggestions and flames to bgrundy [at] linuxleo.com  

bgrundy
Senior Member
 
 
  

Re: Linux Forensics Beginner Intro

Post Posted: Fri Sep 05, 2008 1:02 am

Excellent news! Your guide has been extremely helpful to me, Barry. I appreciate your work putting it together.
KP  

KPryor
Senior Member
 
 
