Loading ...
Sorry, an error occurred while loading the content.
 

Re: USB storage device auditing

Expand Messages
  • anteko8
    farmerdude, Many thanks for that suggestion. I ll happily report back my progress if I get anywhere useful with the investigation. Right now I seem to have a
    Message 1 of 14 , May 5 12:50 PM
      farmerdude,

      Many thanks for that suggestion.

      I'll happily report back my progress if I get anywhere useful with the
      investigation.

      Right now I seem to have a huge amount to learn and this forum has
      been a great help, cheers!

      Ant

      --- In linux_forensics@yahoogroups.com, "farmerduderl" <subscribe@...>
      wrote:
      >
      > Ant,
      >
      > Absolutely. You can also try enabling usbfs_snoop via;
      >
      > modprobe usbcore usbfs_snoop=1
      >
      > -OR-
      >
      > echo y > /sys/module/usbcore/parameters/usbfs_snoop
      >
      >
      > Feel free to report back to the group your mileage and results if you
      > find what you're looking for.
      >
      > Cheers!
      >
      > farmerdude
      >
      >
      > http://www.forensicbootcd.com
      >
      > http://www.onlineforensictraining.com
      >
    • Stevens R. Miller
      Hi all, Based on a talk I gave last year to the Northern Virginia Linux Users Group, I ve been invited to speak on using Linux and open-source tools for
      Message 2 of 14 , May 9 10:58 AM
        Hi all,

        Based on a talk I gave last year to the Northern Virginia Linux Users'
        Group, I've been invited to speak on using Linux and open-source tools for
        forensics work. Here's the link:

        http://www.linuxworldexpo.com/live/12/conference//speakerlist#M

        If anyone on this group is planning to be there, please let me know and
        we'll hook up. (My talk will address rather basic forensic operations. If
        you're already up to speed with Linux forensics, don't feel obliged to
        come.)

        Stevens
      • ra g
        Dear Mr.Stevens Thanks for the offer. But for people who are far away in other countries will it be possible for you to share your slides / discussions with
        Message 3 of 14 , May 9 11:10 PM
          Dear Mr.Stevens

          Thanks for the offer. But for people who are far away in other countries will it be possible for you to share your slides / discussions with the members of the forum.

          Thanks in advance.

          R


          --- On Fri, 5/9/08, Stevens R. Miller <smiller@...> wrote:

          > From: Stevens R. Miller <smiller@...>
          > Subject: [linux_forensics] Computer Forensics at LinuxWorld
          > To: linux_forensics@yahoogroups.com
          > Date: Friday, May 9, 2008, 7:58 PM
          > Hi all,
          >
          > Based on a talk I gave last year to the Northern Virginia
          > Linux Users'
          > Group, I've been invited to speak on using Linux and
          > open-source tools for
          > forensics work. Here's the link:
          >
          > http://www.linuxworldexpo.com/live/12/conference//speakerlist#M
          >
          > If anyone on this group is planning to be there, please let
          > me know and
          > we'll hook up. (My talk will address rather basic
          > forensic operations. If
          > you're already up to speed with Linux forensics,
          > don't feel obliged to
          > come.)
          >
          > Stevens
          >
          >
          >
          > ------------------------------------
          >
          > Yahoo! Groups Links
          >
          >
          >

          ____________________________________________________________________________________
          Be a better friend, newshound, and
          know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
        • Stevens R. Miller
          I m sure we can do something like that. I expect LinuxWorld would claim a copyright in the compilation of their expo materials, but I should still have the
          Message 4 of 14 , May 10 1:40 PM
            I'm sure we can do something like that. I expect LinuxWorld would claim a
            copyright in the compilation of their expo materials, but I should still
            have the rights to my own items. If anyone else wants them, send me an
            e-mail.

            Stevens


            > -----Original Message-----
            > From: linux_forensics@yahoogroups.com
            > [mailto:linux_forensics@yahoogroups.com]On Behalf Of ra g
            > Sent: Saturday, May 10, 2008 2:11 AM
            > To: linux_forensics@yahoogroups.com
            > Subject: Re: [linux_forensics] Computer Forensics at LinuxWorld
            >
            >
            > Dear Mr.Stevens
            >
            > Thanks for the offer. But for people who are far away in other
            > countries will it be possible for you to share your slides /
            > discussions with the members of the forum.
            >
            > Thanks in advance.
            >
            > R
            >
            >
            > --- On Fri, 5/9/08, Stevens R. Miller <smiller@...> wrote:
            >
            > > From: Stevens R. Miller <smiller@...>
            > > Subject: [linux_forensics] Computer Forensics at LinuxWorld
            > > To: linux_forensics@yahoogroups.com
            > > Date: Friday, May 9, 2008, 7:58 PM
            > > Hi all,
            > >
            > > Based on a talk I gave last year to the Northern Virginia
            > > Linux Users'
            > > Group, I've been invited to speak on using Linux and
            > > open-source tools for
            > > forensics work. Here's the link:
            > >
            > > http://www.linuxworldexpo.com/live/12/conference//speakerlist#M
            > >
            > > If anyone on this group is planning to be there, please let
            > > me know and
            > > we'll hook up. (My talk will address rather basic
            > > forensic operations. If
            > > you're already up to speed with Linux forensics,
            > > don't feel obliged to
            > > come.)
            > >
            > > Stevens
            > >
            > >
            > >
            > > ------------------------------------
            > >
            > > Yahoo! Groups Links
            > >
            > >
            > >
            >
            >
            > __________________________________________________________________
            > __________________
            > Be a better friend, newshound, and
            > know-it-all with Yahoo! Mobile. Try it now.
            http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

            ------------------------------------

            Yahoo! Groups Links
          • Jim Gordon
            Hi Stevens, Can you please forward a copy of your presentation. I live in the UK and can¹t get over for linux world. Regards Jim Gordon Computer Forensic
            Message 5 of 14 , May 10 2:01 PM
              Hi Stevens,

              Can you please forward a copy of your presentation. I live in the UK and
              can¹t get over for linux world.

              Regards

              Jim Gordon
              Computer Forensic Analyst
              West Mercia Constabulary


              On 10/5/08 21:40, "Stevens R. Miller" <smiller@...> wrote:

              >
              >
              >
              > I'm sure we can do something like that. I expect LinuxWorld would claim a
              > copyright in the compilation of their expo materials, but I should still
              > have the rights to my own items. If anyone else wants them, send me an
              > e-mail.
              >
              > Stevens
              >
              >> > -----Original Message-----
              >> > From: linux_forensics@yahoogroups.com
              >> <mailto:linux_forensics%40yahoogroups.com>
              >> > [mailto:linux_forensics@yahoogroups.com
              >> <mailto:linux_forensics%40yahoogroups.com> ]On Behalf Of ra g
              >> > Sent: Saturday, May 10, 2008 2:11 AM
              >> > To: linux_forensics@yahoogroups.com
              >> <mailto:linux_forensics%40yahoogroups.com>
              >> > Subject: Re: [linux_forensics] Computer Forensics at LinuxWorld
              >> >
              >> >
              >> > Dear Mr.Stevens
              >> >
              >> > Thanks for the offer. But for people who are far away in other
              >> > countries will it be possible for you to share your slides /
              >> > discussions with the members of the forum.
              >> >
              >> > Thanks in advance.
              >> >
              >> > R
              >> >
              >> >
              >> > --- On Fri, 5/9/08, Stevens R. Miller <smiller@...
              >> <mailto:smiller%40novadatalabs.com> > wrote:
              >> >
              >>> > > From: Stevens R. Miller <smiller@...
              >>> <mailto:smiller%40novadatalabs.com> >
              >>> > > Subject: [linux_forensics] Computer Forensics at LinuxWorld
              >>> > > To: linux_forensics@yahoogroups.com
              >>> <mailto:linux_forensics%40yahoogroups.com>
              >>> > > Date: Friday, May 9, 2008, 7:58 PM
              >>> > > Hi all,
              >>> > >
              >>> > > Based on a talk I gave last year to the Northern Virginia
              >>> > > Linux Users'
              >>> > > Group, I've been invited to speak on using Linux and
              >>> > > open-source tools for
              >>> > > forensics work. Here's the link:
              >>> > >
              >>> > > http://www.linuxworldexpo.com/live/12/conference//speakerlist#M
              >>> > >
              >>> > > If anyone on this group is planning to be there, please let
              >>> > > me know and
              >>> > > we'll hook up. (My talk will address rather basic
              >>> > > forensic operations. If
              >>> > > you're already up to speed with Linux forensics,
              >>> > > don't feel obliged to
              >>> > > come.)
              >>> > >
              >>> > > Stevens
              >>> > >
              >>> > >
              >>> > >
              >>> > > ------------------------------------
              >>> > >
              >>> > > Yahoo! Groups Links
              >>> > >
              >>> > >
              >>> > >
              >> >
              >> >
              >> > __________________________________________________________
              >> > __________________
              >> > Be a better friend, newshound, and
              >> > know-it-all with Yahoo! Mobile. Try it now.
              > http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
              >
              > ------------------------------------
              >
              > Yahoo! Groups Links
              >
              >
              >




              [Non-text portions of this message have been removed]
            • karthick
              Dear Stevens, Hope the complete group is very much interested in this, can you please arrange a presentation for those who cannot attend the meeting. Regards,
              Message 6 of 14 , May 11 3:16 AM
                Dear Stevens,

                Hope the complete group is very much interested in this, can you please arrange a presentation for those who cannot attend the meeting.


                Regards,
                Karthick








                ----- Original Message ----
                From: Stevens R. Miller <smiller@...>
                To: linux_forensics@yahoogroups.com
                Sent: Saturday, 10 May, 2008 11:40:10 PM
                Subject: RE: [linux_forensics] Computer Forensics at LinuxWorld


                I'm sure we can do something like that. I expect LinuxWorld would claim a
                copyright in the compilation of their expo materials, but I should still
                have the rights to my own items. If anyone else wants them, send me an
                e-mail.

                Stevens

                > -----Original Message-----
                > From: linux_forensics@ yahoogroups. com
                > [mailto:linux_forensics@ yahoogroups. com]On Behalf Of ra g
                > Sent: Saturday, May 10, 2008 2:11 AM
                > To: linux_forensics@ yahoogroups. com
                > Subject: Re: [linux_forensics] Computer Forensics at LinuxWorld
                >
                >
                > Dear Mr.Stevens
                >
                > Thanks for the offer. But for people who are far away in other
                > countries will it be possible for you to share your slides /
                > discussions with the members of the forum.
                >
                > Thanks in advance.
                >
                > R
                >
                >
                > --- On Fri, 5/9/08, Stevens R. Miller <smiller@novadatalab s.com> wrote:
                >
                > > From: Stevens R. Miller <smiller@novadatalab s.com>
                > > Subject: [linux_forensics] Computer Forensics at LinuxWorld
                > > To: linux_forensics@ yahoogroups. com
                > > Date: Friday, May 9, 2008, 7:58 PM
                > > Hi all,
                > >
                > > Based on a talk I gave last year to the Northern Virginia
                > > Linux Users'
                > > Group, I've been invited to speak on using Linux and
                > > open-source tools for
                > > forensics work. Here's the link:
                > >
                > > http://www.linuxwor ldexpo.com/ live/12/conferen ce//speakerlist# M
                > >
                > > If anyone on this group is planning to be there, please let
                > > me know and
                > > we'll hook up. (My talk will address rather basic
                > > forensic operations. If
                > > you're already up to speed with Linux forensics,
                > > don't feel obliged to
                > > come.)
                > >
                > > Stevens
                > >
                > >
                > >
                > > ------------ --------- --------- ------
                > >
                > > Yahoo! Groups Links
                > >
                > >
                > >
                >
                >
                > ____________ _________ _________ _________ _________ _________ _
                > ____________ ______
                > Be a better friend, newshound, and
                > know-it-all with Yahoo! Mobile. Try it now.
                http://mobile. yahoo.com/ ;_ylt=Ahu06i62sR 8HDtDypao8Wcj9tA cJ

                ------------ --------- --------- ------

                Yahoo! Groups Links




                Unlimited freedom, unlimited storage. Get it now, on http://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html/

                [Non-text portions of this message have been removed]
              • Mada R Perdhana
                It would be great if the ppl on this group, could also receive the presentation materials :D best regards, Mada R Perdhana karthick
                Message 7 of 14 , May 11 8:39 PM
                  It would be great if the ppl on this group, could also receive the presentation materials :D

                  best regards,
                  Mada R Perdhana

                  karthick <ct_karthick@...> wrote:

                  Dear Stevens,

                  Hope the complete group is very much interested in this, can you please arrange a presentation for those who cannot attend the meeting.

                  Regards,
                  Karthick

                  ----- Original Message ----
                  From: Stevens R. Miller <smiller@...>
                  To: linux_forensics@yahoogroups.com
                  Sent: Saturday, 10 May, 2008 11:40:10 PM
                  Subject: RE: [linux_forensics] Computer Forensics at LinuxWorld

                  I'm sure we can do something like that. I expect LinuxWorld would claim a
                  copyright in the compilation of their expo materials, but I should still
                  have the rights to my own items. If anyone else wants them, send me an
                  e-mail.

                  Stevens

                  > -----Original Message-----
                  > From: linux_forensics@ yahoogroups. com
                  > [mailto:linux_forensics@ yahoogroups. com]On Behalf Of ra g
                  > Sent: Saturday, May 10, 2008 2:11 AM
                  > To: linux_forensics@ yahoogroups. com
                  > Subject: Re: [linux_forensics] Computer Forensics at LinuxWorld
                  >
                  >
                  > Dear Mr.Stevens
                  >
                  > Thanks for the offer. But for people who are far away in other
                  > countries will it be possible for you to share your slides /
                  > discussions with the members of the forum.
                  >
                  > Thanks in advance.
                  >
                  > R
                  >
                  >
                  > --- On Fri, 5/9/08, Stevens R. Miller <smiller@novadatalab s.com> wrote:
                  >
                  > > From: Stevens R. Miller <smiller@novadatalab s.com>
                  > > Subject: [linux_forensics] Computer Forensics at LinuxWorld
                  > > To: linux_forensics@ yahoogroups. com
                  > > Date: Friday, May 9, 2008, 7:58 PM
                  > > Hi all,
                  > >
                  > > Based on a talk I gave last year to the Northern Virginia
                  > > Linux Users'
                  > > Group, I've been invited to speak on using Linux and
                  > > open-source tools for
                  > > forensics work. Here's the link:
                  > >
                  > > http://www.linuxwor ldexpo.com/ live/12/conferen ce//speakerlist# M
                  > >
                  > > If anyone on this group is planning to be there, please let
                  > > me know and
                  > > we'll hook up. (My talk will address rather basic
                  > > forensic operations. If
                  > > you're already up to speed with Linux forensics,
                  > > don't feel obliged to
                  > > come.)
                  > >
                  > > Stevens
                  > >
                  > >
                  > >
                  > > ------------ --------- --------- ------
                  > >
                  > > Yahoo! Groups Links
                  > >
                  > >
                  > >
                  >
                  >
                  > ____________ _________ _________ _________ _________ _________ _
                  > ____________ ______
                  > Be a better friend, newshound, and
                  > know-it-all with Yahoo! Mobile. Try it now.
                  http://mobile. yahoo.com/ ;_ylt=Ahu06i62sR 8HDtDypao8Wcj9tA cJ

                  ------------ --------- --------- ------

                  Yahoo! Groups Links

                  Unlimited freedom, unlimited storage. Get it now, on http://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html/

                  [Non-text portions of this message have been removed]






                  "Never Trust an Operating System You don't have the Source for..."
                  "Closed Source for device Driver are ILLEGAL and not Ethical... act!"
                  "Isn't it, MS Windows a real multitasking OS?, Why? 'Cause It can boot and crash simultaneously!"
                  site: www.mrp-bpp.net

                  ---------------------------------
                  Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.

                  [Non-text portions of this message have been removed]
                • mike bennett
                  To All As a new user of linux and helix i but a windows tools forensic user i would be very much interested in any presenations that give more tools for my
                  Message 8 of 14 , May 11 10:21 PM
                    To All

                    As a new user of linux and helix i but a windows tools forensic user
                    i would be very much interested in any presenations that give more
                    tools for my chest.
                    i hope that the presentation is made available so that i can see
                    what i can do without windows.

                    Mike Bennett
                    Warwickshire Police UK.

                    --- In linux_forensics@yahoogroups.com, Mada R Perdhana
                    <mrp_bpp@...> wrote:
                    >
                    > It would be great if the ppl on this group, could also receive
                    the presentation materials :D
                    >
                    > best regards,
                    > Mada R Perdhana
                    >
                    > karthick <ct_karthick@...> wrote:
                    >
                    > Dear Stevens,
                    >
                    > Hope the complete group is very much interested in this, can you
                    please arrange a presentation for those who cannot attend the
                    meeting.
                    >
                    > Regards,
                    > Karthick
                    >
                    > ----- Original Message ----
                    > From: Stevens R. Miller <smiller@...>
                    > To: linux_forensics@yahoogroups.com
                    > Sent: Saturday, 10 May, 2008 11:40:10 PM
                    > Subject: RE: [linux_forensics] Computer Forensics at LinuxWorld
                    >
                    > I'm sure we can do something like that. I expect LinuxWorld
                    would claim a
                    > copyright in the compilation of their expo materials, but I
                    should still
                    > have the rights to my own items. If anyone else wants them, send
                    me an
                    > e-mail.
                    >
                    > Stevens
                    >
                    > > -----Original Message-----
                    > > From: linux_forensics@ yahoogroups. com
                    > > [mailto:linux_forensics@ yahoogroups. com]On Behalf Of ra g
                    > > Sent: Saturday, May 10, 2008 2:11 AM
                    > > To: linux_forensics@ yahoogroups. com
                    > > Subject: Re: [linux_forensics] Computer Forensics at LinuxWorld
                    > >
                    > >
                    > > Dear Mr.Stevens
                    > >
                    > > Thanks for the offer. But for people who are far away in other
                    > > countries will it be possible for you to share your slides /
                    > > discussions with the members of the forum.
                    > >
                    > > Thanks in advance.
                    > >
                    > > R
                    > >
                    > >
                    > > --- On Fri, 5/9/08, Stevens R. Miller <smiller@novadatalab
                    s.com> wrote:
                    > >
                    > > > From: Stevens R. Miller <smiller@novadatalab s.com>
                    > > > Subject: [linux_forensics] Computer Forensics at LinuxWorld
                    > > > To: linux_forensics@ yahoogroups. com
                    > > > Date: Friday, May 9, 2008, 7:58 PM
                    > > > Hi all,
                    > > >
                    > > > Based on a talk I gave last year to the Northern Virginia
                    > > > Linux Users'
                    > > > Group, I've been invited to speak on using Linux and
                    > > > open-source tools for
                    > > > forensics work. Here's the link:
                    > > >
                    > > > http://www.linuxwor ldexpo.com/ live/12/conferen
                    ce//speakerlist# M
                    > > >
                    > > > If anyone on this group is planning to be there, please let
                    > > > me know and
                    > > > we'll hook up. (My talk will address rather basic
                    > > > forensic operations. If
                    > > > you're already up to speed with Linux forensics,
                    > > > don't feel obliged to
                    > > > come.)
                    > > >
                    > > > Stevens
                    > > >
                    > > >
                    > > >
                    > > > ------------ --------- --------- ------
                    > > >
                    > > > Yahoo! Groups Links
                    > > >
                    > > >
                    > > >
                    > >
                    > >
                    > > ____________ _________ _________ _________ _________ _________ _
                    > > ____________ ______
                    > > Be a better friend, newshound, and
                    > > know-it-all with Yahoo! Mobile. Try it now.
                    > http://mobile. yahoo.com/ ;_ylt=Ahu06i62sR 8HDtDypao8Wcj9tA cJ
                    >
                    > ------------ --------- --------- ------
                    >
                    > Yahoo! Groups Links
                    >
                    > Unlimited freedom, unlimited storage. Get it now, on
                    http://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html/
                    >
                    > [Non-text portions of this message have been removed]
                    >
                    >
                    >
                    >
                    >
                    >
                    > "Never Trust an Operating System You don't have the Source for..."
                    > "Closed Source for device Driver are ILLEGAL and not Ethical...
                    act!"
                    > "Isn't it, MS Windows a real multitasking OS?, Why? 'Cause It can
                    boot and crash simultaneously!"
                    > site: www.mrp-bpp.net
                    >
                    > ---------------------------------
                    > Be a better friend, newshound, and know-it-all with Yahoo!
                    Mobile. Try it now.
                    >
                    > [Non-text portions of this message have been removed]
                    >
                  • farmerdude
                    Mike, If you haven t already stumbled upon them I have a few PDFs from long ago over at http://www.crazytrain.com Cheers! farmerdude
                    Message 9 of 14 , May 12 6:56 AM
                      Mike,

                      If you haven't already stumbled upon them I have a few PDFs from long
                      ago over at

                      http://www.crazytrain.com


                      Cheers!

                      farmerdude


                      http://www.forensicbootcd.com

                      http://www.onlineforensictraining.com




                      On Mon, 2008-05-12 at 05:21 +0000, mike bennett wrote:
                      > To All
                      >
                      > As a new user of linux and helix i but a windows tools forensic user
                      > i would be very much interested in any presenations that give more
                      > tools for my chest.
                      > i hope that the presentation is made available so that i can see
                      > what i can do without windows.
                      >
                      > Mike Bennett
                      > Warwickshire Police UK.
                      >
                      --
                      ********NOTICE*******
                      This e-mail message and all attachments may contain legally privileged
                      and confidential information intended solely for the use of the
                      addressee. If you are not the intended recipient, please be advised that
                      any reading, dissemination, copying, or other use of this message or its
                      attachments is prohibited. If you have received this message in error,
                      please notify the sender immediately by return e-mail and delete this
                      message and all copies and backups thereof.
                      **Thank You**
                    Your message has been successfully submitted and would be delivered to recipients shortly.