A Practitioner's Guide to Linux as a Computer Forensic Platform

The law enforcement and forensic examiner's introduction to Linux.
Published by: jformica on Jul 12, 2010
Copyright: Attribution Non-commercial

A Practitioner's Guide to Linux as a Computer Forensic Platform
Barry J. Grundy bgrundy@LinuxLEO.com
VER 3.78, December 2008

v. 3.78 The Law Enforcement and Forensic Examiner's Introduction to Linux
Legalities
Acknowledgments
Foreword
A word about the “GNU” in GNU/Linux
Why Learn Linux?
Conventions used in this document
I. INSTALLATION
  Distributions
  Slackware and Using this Guide
  Installation Methods
  Slackware Installation Notes
  Desktop Environment
  The Linux Kernel: Versions and Issues
  Configuring Slackware 12: 2.6 kernel considerations
  UDEV
  Hardware Abstraction Layer
  D-BUS
  2.6 Kernel and Desktops
  “Rolling your own” - The Custom Kernel
II. LINUX DISKS, PARTITIONS AND THE FILE SYSTEM
  Disks
  Partitions
  Using modules – Linux Drivers
  Device Recognition
  The File System
III. THE LINUX BOOT SEQUENCE (SIMPLIFIED)
  Booting the kernel
  Initialization
  Runlevel
  Global Startup Scripts
  Service Startup Scripts
  Bash
IV. LINUX COMMANDS
  Linux at the terminal
  Additional useful commands
  File Permissions
  Metacharacters
  Command Hints
  Pipes and Redirection
  The Super User
V. EDITING WITH VI
  The Joy of Vi
  Vi command summary
VI. MOUNTING FILE SYSTEMS
  The Mount Command
  The file system table (/etc/fstab)
VII. LINUX AND FORENSICS
  Included Forensic Tools
  Analysis organization
  Determining the structure of the disk
  Creating a forensic image of the suspect disk
  Mounting a restored image
  Mounting the image using the loopback device
  File Hash
  The Analysis
  Making a List of All Files
  Making a List of File Types
  Viewing Files
  Searching Unallocated and Slack Space for Text
VIII. COMMON FORENSIC ISSUES
  Handling Large Disks
  Preparing a Disk for the Suspect Image
  Obtaining Disk Information
IX. ADVANCED (BEGINNER) FORENSICS
  The Command Line on Steroids
  Fun with DD
  Splitting Files and Images
  Compression on the Fly with DD
  Data Carving with DD
  Carving Partitions with DD
  Determining the Subject Disk File System Structure
  DD Over the Wire
X. ADVANCED FORENSIC TOOLS
  Alternative Imaging Tools
  DC3DD
  DDRESCUE
  Bad Sectors - DDRESCUE
  Bad Sectors - DC3DD
  Bad Sector Acquisition - Conclusions
  LIBEWF - Working with Expert Witness Files
  Sleuthkit
  Sleuthkit Installation and System Prep
  Sleuthkit Exercises
  Sleuthkit Exercise #1 – Deleted File Identification and Recovery
  Sleuthkit Exercise #2 – Physical String Search & Allocation Status
  Sleuthkit Exercise #3 – Unallocated Extraction & Examination
  Sleuthkit Exercise #4 – NTFS Examination: File Analysis
  Sleuthkit Exercise #5 – NTFS Examination: ADS
  Sleuthkit Exercise #6 – NTFS Examination: Sorting Files
  Sleuthkit Exercise #7 – Signature Search in Unallocated Space
  SMART for Linux
  SMART Filtering
  SMART Filtering – Viewing Graphics Files
  SMART Searching
XI. BOOTABLE LINUX DISTRIBUTIONS