Wednesday, August 26, 2009

Goin' commando

Cory had a post a bit ago about using alternatives to commercial analysis suites when conducting an exam, and that got me to thinking...when I wrote WFA 2/e, one of the things I was acutely aware of was that some of the information would age pretty quickly; that is, from the time that I submitted the manuscript (early March) until the book was published (June), there would be a LOT of things that changed or improved, with new tools and new versions coming out. So something like a published book would be a good start, but it wouldn't be a great way to keep track of freely available tools that may be of use. Considering the fact that in most cases, folks don't even look for (or in some cases, write) tools until they actually need them, something online and easily edited (ForensicWiki) would be a better resource for tracking this sort of thing. The ForensicWiki would also be a great resource for not only providing information about tools (free or otherwise) for conducting analysis, but also for information on the format of the files being analyzed.

As a side note, I've found that over the past year or more, with the exception of PCI-specific searches, I've pretty much gone commando (i.e., sans dongle) on my exams, relying instead on specific, free tools...not because I have anything against the commercial stuff, but because the free tools fit the bill for what I needed. Does that make me a bad person?

Anyway, I think this would be a great place to start throwing up information, discussion and links to free and open-source tools that folks are using for analyzing various files or formats. This can include general stuff (such as, does anyone have a good, free grep utility for Windows that doesn't use cygwin?)

For example, over on the ForensicFocus forums recently, there was a question regarding viewing information in MSI files. The original poster (OP) found that one of the recommended tools, InstEd, was extremely helpful for what he needed to do.
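A dongle-free way to pull the same sort of information out of an MSI from the command line, as an added example that is not part of the original post and is not InstEd's code: the script below uses the Windows Installer COM automation object (WindowsInstaller.Installer, present on any Windows box) to dump a package's summary information, its Property table and its CustomAction table without installing anything. The script name and the -MsiPath parameter are my own choices; the summary-information property IDs and the base custom action type codes are the ones documented for Windows Installer.

```powershell
# Get-MsiInfo.ps1 (added example; script name and parameter are assumptions)
# Dumps summary information, the Property table and the CustomAction table
# of an MSI using the WindowsInstaller.Installer COM object. Work on a copy
# of the file; the database is opened read-only and nothing in the package
# is executed by reading it this way.
param(
    [Parameter(Mandatory = $true)]
    [string]$MsiPath
)

# Late-bound COM call helper (PowerShell cannot call these members directly).
function Invoke-Com {
    param($Object, [string]$Member, [string]$Kind, $Arguments = $null)
    return $Object.GetType().InvokeMember($Member, $Kind, $null, $Object, $Arguments)
}

# Run a SELECT against the MSI database and return the rows as string arrays.
function Get-MsiRows {
    param($Database, [string]$Sql, [int]$Columns)
    $view = Invoke-Com $Database 'OpenView' 'InvokeMethod' @($Sql)
    [void](Invoke-Com $view 'Execute' 'InvokeMethod')
    $rows = @()
    while (($rec = Invoke-Com $view 'Fetch' 'InvokeMethod') -ne $null) {
        $row = @()
        for ($i = 1; $i -le $Columns; $i++) {
            $row += Invoke-Com $rec 'StringData' 'GetProperty' @($i)
        }
        $rows += ,$row
    }
    [void](Invoke-Com $view 'Close' 'InvokeMethod')
    return ,$rows
}

# Base custom action types (low 6 bits of the Type column), per the Windows
# Installer documentation; this is what tells you what kind of code runs.
$CustomActionTypes = @{
    1  = 'DLL stored in Binary table';     2  = 'EXE stored in Binary table'
    5  = 'JScript stored in Binary table'; 6  = 'VBScript stored in Binary table'
    17 = 'DLL from installed file';        18 = 'EXE from installed file'
    19 = 'Error/abort';                    21 = 'JScript from installed file'
    22 = 'VBScript from installed file';   34 = 'EXE at path'
    35 = 'Set directory';                  37 = 'JScript text in Target'
    38 = 'VBScript text in Target';        50 = 'EXE from property'
    51 = 'Set property';                   53 = 'JScript from property'
    54 = 'VBScript from property'
}

$installer = New-Object -ComObject WindowsInstaller.Installer
# Mode 0 = msiOpenDatabaseModeReadOnly.
$db = Invoke-Com $installer 'OpenDatabase' 'InvokeMethod' @($MsiPath, 0)

"== Summary information =="
$si = Invoke-Com $db 'SummaryInformation' 'GetProperty' @(0)
# Property IDs of the summary information stream (PID_TITLE, PID_AUTHOR, ...).
foreach ($entry in @(@(2,'Title'), @(3,'Subject'), @(4,'Author'), @(6,'Comments'),
                     @(7,'Template'), @(9,'Revision/PackageCode'),
                     @(13,'LastSaved'), @(18,'CreatingApp'))) {
    $value = Invoke-Com $si 'Property' 'GetProperty' @($entry[0])
    "{0,-22} {1}" -f $entry[1], $value
}

"`n== Property table =="
foreach ($row in Get-MsiRows $db 'SELECT Property, Value FROM Property' 2) {
    "{0,-22} {1}" -f $row[0], $row[1]
}

"`n== CustomAction table =="
try {
    foreach ($row in Get-MsiRows $db 'SELECT Action, Type, Source, Target FROM CustomAction' 4) {
        $base = [int]$row[1] -band 0x3F
        $kind = if ($CustomActionTypes.ContainsKey($base)) { $CustomActionTypes[$base] } else { "type $base" }
        "{0,-22} {1,-36} Source={2} Target={3}" -f $row[0], $kind, $row[2], $row[3]
    }
} catch {
    "(no CustomAction table in this package)"
}
```

Run it as `.\Get-MsiInfo.ps1 -MsiPath C:\cases\sample.msi` against a working copy. The CustomAction listing is the part worth reading first on an unknown package: a Type whose base is 2, 6, 18, 34 or 38 means the installer carries an EXE or script that will execute on install, and the Source/Target columns tell you where it lives (embedded in the Binary table, in an installed file, or inline in the Target column).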

So, I'll be posting links to and comments about tools here, but I'd love to have folks send in comments or emails about tools they use that are free and/or open-source, and allow them to "go commando" on their exams. Please, no pictures! ;-)

7 comments:

Anonymous said...

http://unxutils.sourceforge.net/
seems to have been superseded by
http://gnuwin32.sourceforge.net/
but I still use it...

/olle

H. Carvey said...

Good stuff...but how do you use it?

TLDietrich said...

Harlan,

While it isn't exactly an "exam tool", one nice open source program I like is PeaZip.

http://peazip.sourceforge.net/

It is a full featured replacement for WinZip or PKZip. One of the additional features is that it will open .ISO images and files can be exported. (The website says it will open .DMG files as well, but I haven't tried those.)

Unknown said...

Tracking changes to freely available tools on a Wiki is a great idea.
As well as ForensicsWiki, there is also Forensic Wiki (www.forensicwiki.com). It has been down for a while but is now back up with a couple more people on board in the Admin Team. Feel free to join and post away.

Claus said...

Have you looked at BareGrep from Bare Metal Software?

Single small (246k) executable.
Free (with splashscreen) or low registered price point.
"portable" so can run off USB drive if desired.
GUI interface.
Highly complex search filters.
Much much more.

There are quite a few other grep tools for Windows but I like this one a lot.

BTW...have you seen this yet?

Sweeping 9th Circuit Decision Regarding Law Enforcement Officer Computer Forensics - SANS Forensic Blog.

I'm curious as to your take. It could have implications for both sysadmins and forensics folks.

Cheers!

Claus V.

Jason said...

I also use the UnixUtils on my Windows systems - makes it easier since I can just use commands I'm used to in Linux (ls vs. dir for example). It also provides a free grep.

I use Sun's Virtualbox as my vm platform of choice. It appears (no true benchmarking) to be faster. In its native VDI format it supports an "immutable" function. I just wish it had support for DD raw images directly.

Though not free, The Journal by DavidRM Software is an excellent tool for keeping track of information (i.e. how-tos) and logging work performed. It's only about $50, so it's very workable for any budget. Its new version has just been released... looking forward to it.

Brett Shavers said...

There are quite a few listings here - http://www.e-evidence.info/other.html with freeware/shareware/demoware. Some of the links are broken but there are enough small toolsets that something would be of interest to everyone.