≡ Menu

computer forensics

I already written about howto remove a password from all PDF files under Ubuntu or any other Linux distribution in a batch mode. However, many user want a simple command to recover password from pdf files. This is useful if you forgotten your password for pdf file. It is also useful for data-archaeologists, computer forensics professionals, people who want to test their password-strength (pdf files generated by webpass) and many more.
[click to continue…]

Understanding Forensics

Forensics is the art and science of applying computer science to aid the legal process. Linux journal has published a nice introduction to Forensics:

A break-in can happen to any system administrator. Find out how to use Autopsy and Sleuthkit to hit the ground running on your first forensics project.

There are certain aspects to system administration that you can learn only from experience. Computer forensics (among other things the ability to piece together clues from a system to determine how an intruder broke in) can take years or even decades to master. If you have never conducted a forensics analysis on a computer, you might not even know exactly where to start. In this guide, I cover how to use the set of forensics tools in Sleuthkit with its Web front end, Autopsy, to organize your first forensics case.

One of the most common scenarios in which you might want to use forensics tools on a system is the case of a break-in. If your system has been compromised, you must figure out how the attacker broke in so you can patch that security hole. Before you do anything, you need to make an important decision—do you plan to involve law enforcement and prosecute the attacker?

=> Introduction to Forensics

Mihai Criveti has published a list for digital forensics work. This page is worth bookmark:

Computer Forensics is a science and an art. And to perform it, you need tools to identify, acquisition, preserve and analyze data in a clean, safe, non-destructive manner. Lots of tools. Everything from data acquisition to virtualization and steganalysis.

A list of more or less free tools (mostly open source or freeware, but I have included some relevant commercial products) no digital forensics expert should be without

=> Digital Forensic Tools: Imaging, Virtualization, Cryptanalysis, Steganalysis, Data Recovery, Reverse Engineering