Hi there, never had my name dropped before I don't think, haha. The whole Sumo Linux update never really happened. When we had first talked with Marcus about it, nobody was really sure exactly what e-Fense was doing with their commercial transition, and while I can't speak for him (the project may well be still being worked on) I think there are already a wealth of tools out there and it probably didn't make sense to invest time in it, especially with his DojoCon coming up which was a resounding success.
I use Helix 3 Pro along with their Live Response tool. They are both great tools, but I am wondering about the support because as a company they've been very shaky in the last few months, with a huge staff turnover. Hopefully they'll get that sorted out because I would hate to see all of their work go for naught. Feel free to email me personally and I can try to answer any questions you have. I consider myself a novice at this stuff still, and am actually looking to build a collection of open source tools to use for examinations.

Chris Gerling

On Wed, Dec 9, 2009 at 4:12 PM, Robert Miller <[email protected]> wrote:

> Tyler,
>
> Is this the first case your prosecuting attorney has had relating to digital data evidence?
>
> If not, ask them what or who they used the last time and contact them for advice. If this is the first case, or bad outcomes came from the previous case(s), I would suggest contacting your local InfraGard (http://www.infragard.net/) chapter. Along with that, look into any local universities that may be teaching any type of forensic classes; they would have at least a brief overview on how to handle the evidence. An example of what I am talking about is here: http://www.starkstate.edu/academics/it_tech/cybersecur.htm or http://www.starkstate.edu/academics/it_tech/cybersecur/digital-forensics.htm - try and locate the professor teaching these classes, then reach out with your story asking for advice.
>
> Also look at SANS Computer Forensics and reach out to Rob Lee; he has produced some really good articles and posts on these topics. Along with Mr. Lee you might look at Chris Gerling from the Securabit podcast; he has talked about forensic classes and his personal experiences with digital forensics, and he would be a good resource.
>
> As for software, I have only used Helix prior to 3.0, the paid version, and I am unsure if Chris Gerling and Marcus Carey have officially released Sumo Linux, which was to take the place of Helix as an open source solution.
>
> Contact Scott Moulton, http://www.forensicstrategy.com/; he has a good number of videos on YouTube showing things he has done, and he is also really nice and helpful if you have questions.
>
> Some other useful things might be:
>
> http://www.myharddrivedied.com/computer_forensics.html
> http://www.irongeek.com/i.php?page=videos/advanced-data-recovery-forensic-scott-moulton
> http://www.irongeek.com/i.php?page=videos/data-carving-with-photorec-to-retrieve-deleted-files-from-formatted-drives-for-forensics-and-disaster-recovery
> http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots
> http://blog.dojosec.com/
> http://www.opensourceforensics.org/tools/unix.html
> http://www.opensourceforensics.org/tools/windows.html
>
> I know when I started working on live memory forensics, local law enforcement and universities had a hard time giving me a proper chain of custody procedure because of how new this area is. It did seem, though, that everyone I spoke to stressed the importance of chain of custody and the contamination of the evidence during the recovery.
>
> I am sorry it is not better or more detailed to your question, but I hope others can add to this or something I have will lead you in the right direction.
>
> Please keep us in the loop as you find your answers, thanks
>
> - Robert
> arch3angel
>
>
> On 12/9/2009 12:55 PM, Tyler Robinson wrote:
>
> > Hey all, looking for some of the fantastic advice that the pauldotcom listeners always provide. I am helping our prosecuting attorney with evidence from a hard drive. I am wondering what software everyone is using to make the drive images, and if anyone knows of a good website that has all the proper forms, e.g. digital chain of custody, and also some checklists or guidelines. I know that Helix is a widely accepted Linux distro for this sort of thing but don't have much experience with it. I also have a copy of FTR and have worked with it a bit. So any advice at all is always appreciated. Thanks again, and thanks to Paul and Larry for bringing together such a dynamic group of security professionals and a great show.
> >
> > --
> > Tyler Robinson
> > Owner of Computer Impressions and Tactical Network Security
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > [email protected]
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
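The integrity and chain-of-custody points raised in the thread above (image the drive, hash it at acquisition, record who handled it and when, and re-verify the image before each examination) as a worked example. This is added code, not something from the thread or from Helix, FTK or Sumo Linux. It treats an ordinary file as the "device" (a real acquisition would read a write-blocked drive rather than a file), uses a JSON-lines file as the custody log, and the case and item identifiers in it are constructed placeholders.

```python
"""Image-integrity and custody-log helpers (added example, not from the thread).

Assumptions: the source "device" is an ordinary file, the custody log is a
JSON-lines file, and CASE-0000 / ITEM-01 are constructed placeholder ids.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def hash_file(path, algorithms=("md5", "sha256"), chunk_size=1 << 20):
    """Stream the file once and return {algorithm: hexdigest}.
    Two digests are recorded so the image can be checked with either later."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def image_source(source_path, image_path, block_size=4096):
    """Byte-for-byte copy (what dd does) that hashes the source as it is read,
    so the acquisition hash comes from exactly the bytes written to the image.
    Returns the SHA-256 of the source stream."""
    hasher = hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(block_size), b""):
            hasher.update(block)
            dst.write(block)
    return hasher.hexdigest()


def verify_image(image_path, acquisition_sha256):
    """True if the image on disk still hashes to the value recorded at acquisition."""
    return hash_file(image_path, ("sha256",))["sha256"] == acquisition_sha256


def record_custody(log_path, case_id, item_id, action, handler, hashes, note=""):
    """Append one custody event (who, what, when, and the hashes at that moment)
    as a JSON line; the log is append-only so earlier entries are never rewritten."""
    entry = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "case_id": case_id,
        "item_id": item_id,
        "action": action,
        "handler": handler,
        "hashes": hashes,
        "note": note,
    }
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry) + "\n")
    return entry


def read_custody(log_path):
    """Return the custody events in the order they were recorded."""
    with open(log_path, "r", encoding="utf-8") as log:
        return [json.loads(line) for line in log if line.strip()]


def demo(workdir=None):
    """Acquire a constructed 64 KiB 'device', verify the image, then show that a
    single changed byte is detected. Returns (ok_before, ok_after, log_entries)."""
    if workdir is None:
        with tempfile.TemporaryDirectory() as tmp:
            return demo(tmp)
    source = os.path.join(workdir, "device.bin")
    image = os.path.join(workdir, "device.dd")
    log = os.path.join(workdir, "custody.jsonl")
    with open(source, "wb") as fh:  # constructed sample content, not real evidence
        fh.write(bytes(range(256)) * 256)

    acquisition_hash = image_source(source, image)
    record_custody(log, "CASE-0000", "ITEM-01", "acquired", "examiner",
                   hash_file(image), "placeholder ids; constructed source file")
    ok_before = verify_image(image, acquisition_hash)

    # Flip one byte in the image: the working copy no longer matches the record.
    with open(image, "r+b") as fh:
        fh.seek(1000)
        original = fh.read(1)
        fh.seek(1000)
        fh.write(b"\x00" if original != b"\x00" else b"\xff")
    ok_after = verify_image(image, acquisition_hash)
    record_custody(log, "CASE-0000", "ITEM-01", "verify-failed", "examiner",
                   hash_file(image), "hash mismatch against acquisition value")
    return ok_before, ok_after, len(read_custody(log))


if __name__ == "__main__":
    print(demo())  # (True, False, 2)
```

The acquisition hash is taken from the read stream rather than from a second pass over the image, so it attests to what was actually written; the log is append-only and carries the hashes at each handoff, which is the evidence an attorney needs to show the image examined is the one acquired. Real workflows do the same with dd or dcfldd plus sha256sum, but the check is identical.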
