Digital Forensics Investigator (DFI) - Useful links

---

Show Host: Mike Rodrick

• ITpro.tv

Show Instructor: Sean Philip Oriyano

• Author/Consultant/Instructor
  oriyano.com
  Books

Forensic Tool Suites

• Open Source

• The Sleuth Kit / Autopsy
  Forensic Incident Response Environment (F.I.R.E.)
  Helix3 (also has payed version)

• Commercial Tools (most have free or trial versions)

• Forensic Toolkit (FTK) - & FTK Imager
  EnCase
  Paraben

Other Very Useful Suites

• Windows Sysinternals
  Hiren’s BootCD 15.2 - lots of utilities
  Burp Suite - also comes with KALI linux

Forensic Operating Systems, VM's, Live CD's/DVD's & USB's

• KALI Linux
  (SIFT) SANS Investigative Forensic Toolkit
  (DEFT) Digital Evidence & Forensics Toolkit

Forensic Tools

• metasploit - also somes with KALI
  GetData - data recovery
  Hashcat - advanced password recovery
  DriveSpy
  metagoofil - KALI tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx)
  PE.Explorer
  AUTODESK
  ZAMAR - free online file converter
  McAfee Free Tools
  CRU WiebeTech - forensic products
  sourceforge - security utilities
  Top 20 Free Digital Forensic Investigation Tools for SysAdmins
  Windows System Control Center (WSCC)
  Netcat (GNU)
  Wireshark
  Lizard LABS
  Log Parser 2.2 - from Microsoft
  WI‑SPY + CHANALYZER
  nmap
  NirSoft - lots of freeware utilities
  regviewer
  L0phtCrack - password audit & recovery
  IDA - multi-processor disassembler and debugger
  gimp - (GNU)
  IrfanView - freeware graphic viewer for Windows
  OllyDbg
  Wikto
  Andriod App Ops Starter
  Black Hole Faraday Bag

Mobile Forensics

• Software
• • Oxygen Forensics
    MOBILedit
    BitPim
    Sim Ananyzer (bkforensics)
    Paraben (free & demo software)

• Hardware

• • Digital Intelligence
    Secure View (Mobile Forensics)
    Paraben (Device Seizure)
    Xact Data Discovery
    CellDEK from Logicube

Investigative reports

• http://resources.infosecinstitute.com/computer-forensics-investigation-case-study
  http://digital-forensics.sans.org/blog/2010/08/25/intro-report-writing-digital-forensics
  https://digital-forensics.sans.org/community/cheat-sheets
  http://www.forensicfocus.com/computer-forensics-reports
  http://resources.infosecinstitute.com/computer-forensics-investigation-case-study/
  https://www.ncjrs.gov/pdffiles1/nij/199408.pdf

Other Forensic Links

• High Technology Crime Investigation Assoc
  InfraGard
  Digital Inteligence
  SANS
  SANS Institute InfoSec Reading Room
  Logicube
  Appliance for Digital Investigation and Analysis (ADIA)
  The International Society of Forensic Computer Examiners (ISFCE)
  (CCE) Certified Computer Examiner suggested study from ISFCE
  (CFTT) Computer Forensics Tool Testing Methodology Overview
  (CFReDS) Computer Forensic Reference Data Sets - The CFReDS Project
  ARC Group of New York - techpathways
  Symantec
  Wall of Sheep shop

Some Programming Languages

• Perl - Download
  Python - Download
  Visual Studio Express

ITPro.tv Courses that compliment DFI

• PowerShell Course for Administrators
  Wireshark
  Network+
  Security+
  (CEH) Certified Ethical Hacker
  (SSCP) Systems Security Certified Practitioner
  (CISSP) Certified Information Systems Security Professional

Day 3 WEDNESDAY links :

Paterva
NEXPOSE - Vulnerability management
Notepad++
virtualbox
DEEP LOG ANALYZER
Hyper-v: virtual machines on Windows 8.1
Darik's Boot And Nuke(dban) - Data Wiping Software
WhiteCanyon Software

Day 4 THURSDAY links:

• NSA Media Destruction Guidance
  Disklabs
  Cold Boot Attacks on Encryption - Princeton.edu paper
  wotsit.org

Other Useful Links

• Backup & Restore MBR in Windows
  The Basic: What is e-Discovery
  In-Place eDiscovery & Hold in Exchange 2013

Steganograpy

• wikipedia page
  mozaiq's steganograpy service

Hard Drive Recovery Videos

• https://www.youtube.com/watch?v=Kx-D1nJcv0k
  https://www.youtube.com/watch?v=Tg0Uli2_rwI&NR=1

Michala's Certified Ethical Hacker(CEH) forum link:

A must view forum

• https://bitly.com/itpro-ceh-links

Forensic Certifications
• (CCE) Certified Computer Examiner
• (CCCI) Certified Computer Crime Investigator
• (CFCE) Computer Forensics Computer Examiner
• (CIFI) Certified Information Forensics Investigator
• (PCI) Professional Certified Investigator

• (CCFE) Certified Computer Forensics Expert
• (CDRP) Certified Data Recovery Professional

• (CISSP) Certified Information Systems Security Professional

More Certifications & information

• (ISC2)
• (IACRB) Information Assurance Certification Review Board
• Computer Forenics

Books

• Forensic Discovery by Dan Farmer and Wierse Venema
• Internet Forensics by Robert Jones
• File System Forensic Analysis by Brian Carrier
• Windows Forensic Analysis DVD Toolkit, Second Edition by Harlan Carvey

Internet Sites

http://www.forensicfocus.com
http://www.digital-evidence.org/
http://www.fbi.gov/cyberinvest/cyberhome.htm
http://krebsonsecurity.com/2010/03/researchers-map-multi-network-cybercrime-infrastructure/
http://www.ccmostwanted.com/
http://www.symantec.com/norton/cybercrime/index.jsp
http://www.antiphishing.org/
http://dataprotection.ie
http://www.tjmcintyre.com
http://en.wikipedia.org/wiki/Computer_crime

Journals

• Journal of Digital Forensics, Security and Law
• International Journal of Digital Crime and Forensics
• Journal of Digital Investigation
• International Journal of Digital Evidence
• International Journal of Forensic Computer Science
• Journal of Digital Forensic Practice
• Cryptologia
• Small Scale Digital Device Forensic Journal

Misc links

• https://www.women.cs.cmu.edu/ada/Resources/Women/
  http://www.immunityinc.com/

Articles From News

• Irish Pupils record's at risk
  Phishing Email Destroys Hard Drives to avoid detection
  NETFLIX Introducing FIDO: Automated Security Incident Response
  Celebrate Screen-Free Week May 4th-10th
  Super secretive malware wipes hard drive to prevent analysis
  Phoebe Prince Suicide from Cyber Bullying
  Garda (Irish Cops) is accused of stalking ex-boyfriend

Episode 1 - Modern Computer Forensic
• Categories of Attacks

• Person on Person
  Person on Computer
  Computer on Computer
  •Types of Cyber Crime
• Corporate crime
  Criminal crime
  )

Episode 11 - Wireless

• http://www.riverbed.com/products/performance-management-control/network-performance-management/wireless-packet-capture.html#Overview
  http://www.tenable.com/products/nessus-vulnerability-scanner
  http://www.metageek.com/products/eye-pa/

Episode 12 - Investigating Email Crime

• Spam Senders Convicted In First Felony Case
  CAN-SPAM Act: A Compliance Guide for Business
  Department of Defense Releases New Cyber Strategy
  File Carving
  Formost
  Scalpel
  TestDisk and PhotoRec, CmosPwd,Lilo Password,Chntpw for dos
  PC Inspector
  quickdatarecoverypro
  Stellar Phoenix: File Recovery Software
  Data Recovery Wizard Professional

• Partition Recovery

• Active@
  Acronis
  Isobuster
  Spin~Rite

@Ben-Coyle Thanks so much for putting together the links list for this series of shows. I so wish I could attend live but work gets in the way ;)

You are more than welcome.

I'm not sure I'll catch them all live either but will do my best & Debra, James & some others will help me keep up to date I'm sure.

My burger was lovely, hope you enjoy yours :)

Thanks so much for organizing this, Ben:exclamation: And yep, you can count on me:grey_exclamation: :thumbsup:

ITProTV family!

Great job keeping each other informed!

Cordially,
Ronnie Wong
Host, ITProTV

@Ben-Coyle Here's another one for your list based on the comment about Sean's books: https://www.goodreads.com/author/list/4511669.Sean_Philip_Oriyano

In the UK forensic investigators have to follow the ACPO Good Practice Guide for Digital Evidence (2011). These core principles apply:

Principle 1: Data stored in a computer or storage media must not be altered or changed, as those data may be later presented in the court.

Principle 2: A person must be competent enough in handling the original data held on a computer or storage media if it is necessary, and he/she also shall be able to give the evidence explaining the relevance and course of their actions.

Principle 3: An audit trail or other documentation of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.

Principle 4: A person who is responsible for the investigation must have overall responsibility for accounting that the law and the ACPO principles are adhered to.

@Ben-Coyle Another one for your list. Today I came across the 'Forensic Acquisition of Websites Project' tool which not only captures the website but records a video and takes a packet trace a the same time. It saves it all into a folder. Pretty neat - not sure if acceptable in court or not.

@Ben-Coyle Last one for today, I've been playing with an all in one suite 'OS Forensics' which seems okay. It logs your actions and can generate a report of signifcant findings that you flag - take a look and waste some more time playing with tools :)

I like the links you put together. I will investigate deeper.

I would also like to point out a investigative tool that focuses on Apple products call Black Light from Black Bag Technologies.

We have more Apple devices than Windows so it made sense for us to go with this tool. Like Encase or FTK it can analyze and carve other system but it has that apple look.

https://www.blackbagtech.com/

I've not looked at these in depth but this guy has put together a pretty impressive list that he calls "Forensic Challenges."

http://www.amanhardikar.com/mindmaps/ForensicChallenges.html