Un-edited Live session – http://www.youtube.com/watch?v=_PNbvbL5_ik
Tony Bemus, Mat Enders, and Mary Tomich
Sound bites by Mike Tanner
Kernel News: Mat
- mainline: 3.17 (2014-10-05)
- stable: 3.17.1 (2014-10-15)
- stable: 3.16.6 (2014-10-15)
- longterm: 3.14.22 (2014-10-15)
- longterm: 3.12.30 (2014-10-08)
- longterm: 3.10.58 (2014-10-15)
- longterm: 3.4.104 (2014-09-25)
- longterm: 3.2.63 (2014-09-13)
- longterm: 220.127.116.11 (2014-06-18)
- linux-next: next-20141017 (2014-10-17)
Distro Talk: Tony
- 10-06 – Untangle NG Firewall 11.0
- 10-07 – CAINE 6.0
- 10-07 – NetBSD 6.1.5, 6.0.6
- 10-09 – ROSA R4 “Desktop Fresh”
- 10-11 – VyOS 1.1.0
- 10-11 – 4MLinux 10.0
- 10-11 – BackBox Linux 4.0
- 10-11 – GALPon MiniNo 2014 “PicarOS”
- 10-12 – Lunar Linux 1.7.0
- 10-12 – Smoothwall Express 3.1
- 10-14 – Scientific Linux 7.0
- 10-14 – Red Hat Enterprise Linux 6.6
- 10-17 – IPFire 2.15 Core 84 http://planet.ipfire.org/post/two-new-features-for-the-ipfire-firewall
- 10-17 – SELKS 1.0
Distro of the Week: Tony
- openSUSE – 1551
- Debian – 1645
- Lunar – 1816
- Mageia – 1996
- Mint – 2326
Mary Distro Review
Name: CAINE (Computer Aided Investigative Environment)
Maintainer: Nanni Bassetti
Distro Latest Birthday: 10/7/2014
Review Desktop: Gnome
Caine boots to a Mate desktop environment. Ten icons are on the desktop (Caine info, mixed scripts, root file manager, Firefox, keyboard changer, and some of the tools), including an installer icon. Caine Linux is installed via Systemback.
Mate classic desktop environment: I won't go into a lot of detail about the stock Mate desktop; everyone knows it's based on Gnome 2.
There is a single panel at the bottom, containing several informative system tray icons. For example, after connecting to wireless, my upload/download speed was always viewable. A right-click on the Bluetooth icon allowed me to toggle it on and off, as well as perform other related tasks. The drive mounter icon is very slick: it is "green" if the drive is mounted read-only, which is the default method for mounting devices. If you right-click the icon, you can toggle it to writable, but be prepared for several warnings. After all, the whole idea of computer forensics is to not mess with the data, and a writable hard drive raises the risk.
Graphics: (i915)
Wireless: (lib80211) No problem with the Broadcom chip. (Likely more the fact that it’s based on Ubuntu than anything else.)
Office Suite: LibreOffice
Mail Client: Thunderbird
File Manager: Files, Caja
The Install Process:
Installing Caine is mostly a breeze. There are only a few steps to complete after you click the installer icon on the desktop:
1. Supply new user/password information (and root's password)
2. Partition setting (size it, create it)
3. Highlight it and set the mount point, file system (ext4), and whether you want to format it.
4. The same screen has the grub2 bootloader option.
After you complete the partition setup, Systemback is configured such that one of its restore points is “Live Image”. Click Start and the install begins. What’s actually happening is Systemback is restoring a system image to your computer.
After the install concludes, the system continued to sit in live mode for a long time. Once I started the reboot process, it suddenly remembered what to do.
During install, I was not prompted for any keyboard localization, timezone, etc. So the system rebooted on Italian time. First reboot shows a cleaner desktop than the live environment. There are only three icons: computer, user’s home, and trash.
The menu contains a forensic tools sub-menu:
- Memory forensics (Inception, Volatility)
- Database (SQLite database browser, Sqliteman)
- Mobile forensics (Blackberry and iDevice scripts; iPhone Backup Analyzer)
- Network forensics (Netdiscover, Wireshark, Zenmap, Zenmap as root)
Other interesting programs:
Guymager is a fast, open-source, graphical tool for creating disk images. Guymager supports raw dd images as well as the E01 and AFF image formats. The latter two are commonly used in the digital forensics community because they can store metadata about the disk image. I tested this tool using a 2 GB USB stick that had 1 GB of data on it. Guymager successfully created an image of the contents and added a .info file with metadata about the drive.
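The acquisition workflow described above (read the source once, hash it while imaging, record the hashes beside the image, re-verify later) as an added example; this is not Guymager's code, the .info sidecar layout is a hypothetical one modelled on the idea of Guymager's file, and the "drive" is a constructed temp file rather than a block device.

```python
import hashlib
import os
import tempfile

BLOCK = 64 * 1024  # read size; a real imager would match the device's sector size

def acquire(source_path, image_path):
    """Copy source_path to image_path block by block, hashing the bytes as
    they are read so the source is touched only once, and write an
    image_path + ".info" sidecar (hypothetical key: value format)."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for chunk in iter(lambda: src.read(BLOCK), b""):
            md5.update(chunk)
            sha256.update(chunk)
            dst.write(chunk)
            size += len(chunk)
    info = {"source": source_path, "image": image_path, "size": str(size),
            "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}
    with open(image_path + ".info", "w") as f:
        f.writelines(f"{k}: {v}\n" for k, v in info.items())
    return info

def verify(image_path):
    """Re-hash the image and compare size and SHA-256 with the sidecar;
    run this before analysis starts and again when it ends."""
    with open(image_path + ".info") as f:
        info = dict(line.rstrip("\n").split(": ", 1) for line in f)
    h = hashlib.sha256()
    with open(image_path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK), b""):
            h.update(chunk)
    return (os.path.getsize(image_path) == int(info["size"])
            and h.hexdigest() == info["sha256"])

def demo():
    """Constructed 'drive': 300 KiB of a repeating byte pattern in a temp dir.
    Returns (verify result before tampering, verify result after)."""
    d = tempfile.mkdtemp()
    src = os.path.join(d, "sdb")          # stands in for a block device
    with open(src, "wb") as f:
        f.write(bytes(range(256)) * 1200)
    img = os.path.join(d, "evidence.dd")
    acquire(src, img)
    intact = verify(img)
    with open(img, "r+b") as f:           # overwrite 8 bytes of the image
        f.seek(1000)
        f.write(b"\x00" * 8)
    return intact, verify(img)
```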
Fmount (Forensic Mount) is a bash script to detect and/or mount allocated partitions read-only. Fmount successfully mounted the image that I created with Guymager. It was mounted at /media/evidence/evidence_vol10. The contents were as accessible to me as the original.
Autopsy is a digital forensics tool and graphical interface to The Sleuth Kit and other digital forensics tools. For this tool, I connected an external hard drive, added it to the case locker, then ran an analysis on it. I was able to open individual sectors, as well as blocks of sectors, and view the content in ASCII, hex, and ASCII strings. It was all very interesting and all done from the comfort of a browser.
Fred (Forensic Registry Editor) is a cross-platform Microsoft registry hive editor with special features useful during forensic analysis. The user interface resembles the regedit interface: two panels. Fred also has a hex viewer area at the bottom right. Anything that is stored in the registry is available to Fred; for example, the last time a user opened a .doc file, or the last program a user ran using the Start->Run dialog.
Zenmap is basically nmap, designed to make it easier for beginners to use.
PhotoRec is file data recovery software designed to recover lost files, including video, documents and archives, from hard disks and CD-ROMs, and lost pictures (hence the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted. I ran it on an external hard drive (1 TB in size). Before I stopped it, it had found 22 files, over half of which were mpg files. The recovered files are placed into a separate directory in your home directory. I was curious whether I could play the recovered files. I could, although several libraries had to be installed to support playback of the format.
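Signature-based carving, the technique behind "ignores the file system and goes after the underlying data", as an added example that is not PhotoRec's code: it scans a raw byte string for JPEG and PNG header/footer pairs, skips a file whose tail was overwritten, and writes what it finds to an output directory. The disk image is constructed in memory (the PNG is header-shaped only, its chunk CRCs are not valid), and the file naming is only loosely modelled on PhotoRec's recup_dir output.

```python
import os

# (type, header, footer): a carved object runs from a header through the
# next matching footer, whatever the file system says about those sectors
SIGNATURES = [
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
]

def carve(data, signatures=SIGNATURES):
    """Return (type, offset, bytes) for every complete object in data.
    A header with no footer after it (a file whose tail was overwritten)
    is skipped rather than reported as recovered."""
    found = []
    for kind, head, foot in signatures:
        pos = data.find(head)
        while pos != -1:
            end = data.find(foot, pos + len(head))
            if end == -1:
                break
            end += len(foot)
            found.append((kind, pos, data[pos:end]))
            pos = data.find(head, end)
    return sorted(found, key=lambda t: t[1])

def write_recovered(found, outdir):
    """Write each carved object to outdir, named by its byte offset;
    returns the paths written."""
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for kind, off, blob in found:
        path = os.path.join(outdir, f"f{off:08d}.{kind}")
        with open(path, "wb") as f:
            f.write(blob)
        paths.append(path)
    return paths

def build_image():
    """Constructed raw 'disk': no partition table or file system, just filler
    around a JPEG, a minimal PNG-shaped object and a JPEG whose last two
    bytes (the footer) were overwritten."""
    filler = b"\x00" * 512
    jpeg = b"\xff\xd8\xff\xe0JFIF\x00" + b"\x11" * 40 + b"\xff\xd9"
    png = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17
           + b"\x00\x00\x00\x00IEND\xaeB`\x82")
    return filler + jpeg + filler + png + filler + jpeg[:-2] + filler

def demo():
    """Carve the constructed image; returns [(type, offset, length), ...]."""
    return [(k, off, len(b)) for k, off, b in carve(build_image())]
```

The truncated JPEG at the end of the image is deliberately not reported: a carver that emitted it would hand the examiner a file that looks recovered but is incomplete.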
The only thing that was a little confusing about Caine was the root user. It appeared that I was taking
If you need to conduct a forensic examination, CAINE has the tools you need.
Linus Torvalds Regrets Alienating Developers with Strong Language
Tor Browser 4.0 is released
Munich sticks with Free Software
Mozilla’s New Magazine
PC-BSD at Ohio Linux Fest
The Security Bit
This POODLE Bites: Exploiting The SSL 3.0 Fallback
show (at) smlr.us or 734-258-7009
This content is published under the Attribution-Noncommercial-Share Alike 3.0 Unported license.