Need some advice

  • mrp_bpp
    Message 1 of 11 , Dec 9 10:54 PM
      Hi, I'm going to develop a Linux distribution for computer forensics
      and coroner systems things, to finish my college last-year project. Now
      I have already built the Linux from Ubuntu Gutsy Gibbon, and am using
      fluxbox. I'm planning to add some apps and forensics-related docs like :

      afflib-3.0.4.
      ftimes-3.8.0
      pasco_20040505_1
      air-1.2.8.
      galleta_20040505_1
      pyflag-0.84RC4.
      allin1-0.4.
      gpart-0.1h.
      rifiuti_20040505_1
      autopsy-2.08.
      help-when-broken-into
      rootcheck-0.7
      autopsy-foremost.patch.
      kregedit-0.1.
      sleuthkit-2.09.tar.gz
      chkrootkit.tar.gz
      linuxintro-LEFE-3.20.pdf
      spider-4.0.tar.gz
      chntpw-source-070923.zip
      mac-robber-1.00.tar.gz
      tcpflow-0.21.tar.gz
      dcfldd-1.0.tar.gz
      magicrescue-1.1.4.tar.gz
      tct-1.18.tar.gz
      driftnet-0.1.6.tar.gz
      mburdach_digital_forensics_of_physical_memory.pdf
      termsofuse.asp?file=pasco.zip
      e2retrieve_20070415.tar.gz
      memdump-1.01.tar.gz
      testdisk-6.8.linuxstatic.tar.bz2
      foremost-1.5.3.tar.gz
      nstreams-1.0.3.tar.gz
      vinetto-beta-0.07.tar.gz
      fstools-1.0.3.zip
      odd-1.0.tar.gz

      and will still add some apps.

      So, any suggestions or advice? I have already removed the automountfs.

      Thanks for your attention.

      best regards,
      Mada R Pedhana
    • Michel Roukine
      Message 2 of 11 , Dec 9 11:36 PM
        --- In linux_forensics@yahoogroups.com, "mrp_bpp" <mrp_bpp@...> wrote:
        > Hi, I'm going to develop a Linux distribution for computer forensics
        > and coroner systems things, to finish my college last-year project. Now

        Hi,

        ...
        > ...I'm planning to add some apps and forensics related docs like :
        >
        ...
        > vinetto-beta-0.07.tar.gz
        ...
        > So, any suggestions or advice? I have already removed the automountfs.

        I suggest you add vinetto-alpha-0.06.tar.gz, NOT vinetto-beta-0.07 !

        vinetto-beta-0.07 is buggy and it will not be corrected before the end
        of January 2008.

        Best regards,

        M. Roukine
      • Harry Duncan
        Message 3 of 11 , Dec 9 11:59 PM
          On Dec 10, 2007 6:54 AM, mrp_bpp <mrp_bpp@...> wrote:
          > Hi, I'm going to develop a Linux distribution for computer forensics
          > and coroner systems things, to finish my college last-year project. Now
          > I have already built the Linux from Ubuntu Gutsy Gibbon, and am using
          > fluxbox. I'm planning to add some apps and forensics-related docs like :
          <snip list of tools>
          > So, any suggestions or advice? I have already removed the automountfs.

          Start by critically examining existing Linux forensics distributions,
          most of which are ISO-based live CD distributions.

          Consider whether or not you want to be able to do live system exams
          (analysis of a running system), live previewing (as in analysis of an
          unmounted system before imaging), or whether you are simply going the
          post-mortem route. Consider the implications and uniqueness of the three
          approaches, e.g., live previewing tools won't necessarily need to work
          with images, all post-mortem tools will need to work with images or
          mounted images that are not viewed as actual system disks, etc., and
          live previewing tools might involve Linux, Mac or Windows tools.

          Consider also that forensics isn't about throwing tools at a job, it's
          about processes and procedures, so right from the word go classify
          your tools, and consider documenting your distro with suggested
          procedures.

          HTH,

          Harry.
        • calimelo
          Message 4 of 11 , Dec 10 12:08 AM
            Hi,

            How about a Slax distro, with a GNOME interface? Slax distros can be booted
            from flash drives; I wonder if Ubuntu can.

            Salutations

            2007/12/10, Harry Duncan <usr.src.linux@...>:
            > <snip full quote of Harry's message above>
          • Christophe Monniez
            Message 5 of 11 , Dec 10 12:49 PM
              On Monday, 10 December 2007 at 06:54 +0000, mrp_bpp wrote:
              > Hi, I'm going to develop a Linux distribution for computer forensics
              > and coroner systems things, to finish my college last-year project. Now
              > I have already built the Linux from Ubuntu Gutsy Gibbon, and am using
              > fluxbox. I'm planning to add some apps and forensics-related docs
              > like :
              <snip list of tools>
              > So, any suggestions or advice? I have already removed the automountfs.
              >

              Is it a boot CD or an installable distro?

              Don't forget to include basic admin tools like fdisk, disktype, lshw ...
              Also, don't forget to include support for as many filesystems as
              possible.

              Do not forget to disable any automount system (especially for journaling
              filesystems and swap partitions).

              If you want a list of linux forensics tools, take a look at
              http://www.lnx4n6.be/ (especially at the boot cd content :
              http://www.lnx4n6.be/index.php?sec=Documentation&page=bootcdcontent)



              --
              Christophe Monniez <d-fence@...>
              www.d-fence.be - www.lnx4n6.be
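The automount point Christophe makes is the one that most often bites a home-built forensic live CD: a plain `mount -o ro` of an ext3 partition still replays the journal and so writes to the evidence, and a live system that activates local swap writes to it too. The helper below is an added example, not code from this thread or from any of the distributions it mentions. It is a small POSIX sh script that picks mount options which keep a journaling filesystem from writing, computes the loop offset of a partition inside a whole-disk image from its fdisk start sector, prints the resulting mount command as a dry run, and records a SHA-256 of the image so it can be checked again after the examination. The image path, start sector, filesystem type and mount point are hypothetical inputs; it assumes util-linux `mount`/`losetup` and coreutils `sha256sum`.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Assumes: POSIX sh, coreutils sha256sum, util-linux mount/losetup.
# All paths, sector numbers and filesystem types below are hypothetical.

# Mount options that keep a read-only mount from touching the evidence.
# "ro" alone is not enough for journaling filesystems: ext3/ext4 replay
# the journal on mount unless "noload" is given, and XFS runs log
# recovery unless "norecovery" is given. noexec/nosuid/nodev keep
# anything on the evidence from being executed on the examiner's box.
safe_mount_opts() {
    fstype="$1"
    base="ro,noexec,nosuid,nodev"
    case "$fstype" in
        ext3|ext4) echo "$base,noload" ;;
        xfs)       echo "$base,norecovery" ;;
        *)         echo "$base" ;;
    esac
}

# Byte offset of a partition inside a whole-disk image, from the start
# sector fdisk reports (512-byte sectors assumed).
partition_offset() {
    start_sector="$1"
    echo $(( start_sector * 512 ))
}

# Dry run: print the mount command for one partition inside an image.
# For a physical device instead of an image, run "blockdev --setro DEV"
# first; for an image, "losetup -r" gives a read-only loop device.
mount_command() {
    image="$1"; fstype="$2"; start_sector="$3"; target="$4"
    echo "mount -t $fstype -o $(safe_mount_opts "$fstype"),loop,offset=$(partition_offset "$start_sector") $image $target"
}

# Hash of the image, recorded before the examination.
image_hash() {
    sha256sum "$1" | cut -d' ' -f1
}

# Returns 0 if the image still matches the recorded hash, 1 otherwise.
verify_unchanged() {
    [ "$(image_hash "$1")" = "$2" ]
}

# Demonstration with hypothetical values: partition starting at sector 63.
mount_command /evidence/disk.dd ext3 63 /mnt/evidence
```

With `noload` or `norecovery` a filesystem that was not cleanly unmounted shows files in their pre-journal state; that is the intended trade, and the journal itself is examined separately. Hashing a large image twice is slow, but it is what a defensible chain of custody expects; dcfldd from the poster's list can produce the hash while the image is being taken. The live system must also never run `swapon` on partitions found on the evidence disk.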
            • Gary Funck
              Message 6 of 11 , Dec 10 1:33 PM
                On 12/10/07 21:49:30, Christophe Monniez wrote:
                >
                > Don't forget to include basic admin tools like fdisk, disktype, lshw ...
                > Also, don't forget to include support for as much as possible
                > filesystems.

                You might also take a look at the GRML live CD:
                http://grml.org/

                "grml is a bootable CD (Live-CD) originally based on
                Knoppix and nowadays based on Debian. grml includes a
                collection of GNU/Linux software especially for system
                administrator and users of texttools. grml provides
                automatic hardware detection. You can use grml (for
                example) as a rescue system, for analyzing systems/networks
                or as a working environment"
              • Mada R Perdhana
                Message 7 of 11 , Jan 24, 2008
                  Hi, I need some information about the people that I will write below. I need full-name information and jobs or departments, because I will include them on my thesis thanks page. Thanks.

                  Mr. Brett Shavers
                  Mr. Michile Roukine
                  Mr. Harry Duncan
                  Mr. Calimello
                  Mr. Mark Furner
                  Mr. Christophe Monniez
                  Mr. Gary Funck

                  All the people above responded to my email.

                  best regards

                  Mada R Pedhana

                  Gary Funck <gary@...> wrote:
                  <snip full quote of Gary's message above>

                  "Never Trust an Operating System You don't have the Source for..."
                  "Closed Source for device Driver are ILLEGAL and not Ethical... act!"
                  "Isn't it, MS Windows a real multitasking OS?, Why? 'Cause It can boot and crash simultaneously!"
                  site: www.mrp-bpp.info.ms
                • Tedi Heriyanto
                  Message 8 of 11 , Jan 25, 2008
                    Hi Mada,

                    --- Mada R Perdhana <mrp_bpp@...> wrote:

                    > Hi, I need some information about the people that I
                    > will write below. I need full-name information and
                    > jobs or departments, because I will include them on my
                    > thesis thanks page. Thanks.
                    >
                    > Mr. Brett Shavers
                    > Mr. Michile Roukine
                    > Mr. Harry Duncan
                    > Mr. Calimello
                    > Mr. Mark Furner
                    > Mr. Christophe Monniez
                    > Mr. Gary Funck
                    IMHO, by just putting their name on your thesis should
                    be enough.

                    Do you plan to publicize your thesis ?


                  • Mada R Perdhana
                    Message 9 of 11 , Jan 25, 2008
                      Mr. Tedi, I am actually an undergraduate (S1) student who has asked for input from this mailing list and from Mr. Barry J Grundy personally for my thesis.
                      If I may ask, where are you currently, and what do you work as?

                      Nice to meet you,
                      Mada R Perdhana


                      Tedi Heriyanto <tedi_heriyanto@...> wrote:
                      <snip full quote of Tedi's reply above>
                    • Mada R Perdhana
                      Message 10 of 11 , Jan 30, 2008
                        Hi all,

                        I need some information about the relation between tax fraud and computer forensics. Does anyone have a paper or article about how we can solve tax fraud with computer forensics, and in which area a computer forensic examiner should place himself when solving the problem?

                        thanks for your help,

                        best regards,

                        Mada R Perdhana


                        "Never Trust an Operating System You don't have the Source for..."
                        "Closed Source for device Driver are ILLEGAL and not Ethical... act!"
                        "Isn't it, MS Windows a real multitasking OS?, Why? 'Cause It can boot and crash simultaneously!"
                        site: www.mrp-bpp.info.ms

                        ---------------------------------
                        Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.

                        [Non-text portions of this message have been removed]
                      • Mada R Perdhana
                        Message 11 of 11 , Jan 30, 2008
                          Furthermore, how could we implement computer forensics in a tax department? :D

                          Can anyone help me?

                          Mada R Perdhana <mrp_bpp@...> wrote:
                          <snip full quote of the previous message>