Security Basics mailing list archives
WG: Questions concerning computer forensics
From: Meidinger Christopher <christopher.meidinger () badenIT de>
Date: Thu, 26 Jun 2003 08:52:05 +0100
Wow you really sound like a college student! I don't want to be facetious, but the big or real answer to most of those questions is RTFM :0 (Or STFG - Search the Friendly Google)

Anyway, a couple of real answers:

1. Extremely closely. You need to understand security to know what you are seeing forensically and to know what to look for. See answer 5.

2. Um, I have no idea whether Palm forensics is necessary. My opinion: At a governmental level: probably there is need for people that can do it. They need to extract evidence from everywhere they can in an evolving technological world. On a corporate level, probably almost none. Most forensics guys spend their days trying to see what happened on a machine that got hacked, not trying to find information from someone else's machine to prosecute them.

3. Yes, millions, keep looking. Ummmmm stuff like Coroner's Toolkit, or F.I.R.E. would be places to start. (Google is your friend) Sourceforge is not a bad thing! As far as getting Linux installed, that is a humongous MUST for you. If you need help getting Linux running, you can email me, I would be happy to help with any questions.

4. Yes, thousands. Amazon.com is also your friend. This kind of question is impossible to answer. If you ask something like 'I need a better book on that specific point or about that subject' or 'does anyone know a whitepaper dealing with this and that problem' we can help you better.

5. It's the same job really, just with different specialties. Think of it like a pathologist, he and the surgeon are both doctors, but they perform their jobs at different times. They both have the same medical training, just as security people and forensic people have the same area of expertise. Just the security guy is preventing getting rooted and the forensics guy is seeing how he got rooted.

Sorry that it's short and snippy, but I wanted to be sure you got an answer.

badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg

-----Original Message-----
From: Joe Lindsay [mailto:josephlindsay11182 () hotmail com]
Sent: Tuesday, June 24, 2003 7:39 PM
To: security-basics () securityfocus com
Subject: Questions concerning computer forensics

I am currently a senior in college and I am looking to go into computer forensics. Right now I am currently teaching myself some of the techniques used in doing Win2k and some *nix investigation. I am a computer science and information systems major. I just have some questions about computer forensics in general.

1. How closely related are computer forensics and security?

2. I have done palm programming, and I read an article about palms being used to prosecute. Is there a growing need for palm forensics?

3. I have some tools, but they are from sourceforge. Is there any freeware or trialware available for Win2k machines (sadly been unable to get linux installed, tried many different distros :-<)?

4. I am currently reading Computer Forensics: Incident Response Essentials by Warren Kruse and Jay Heiser, are there any other books and/or whitepapers that anyone can suggest?

5. Is there a growing need for computer forensics in the work place? Does the security analyst or consultant double up as computer forensic analyst or security investigator?

Thank you for your time,
Joe Lindsay