Security Basics mailing list archives

WG: Questions concerning computer forensics


From: Meidinger Christopher <christopher.meidinger () badenIT de>
Date: Thu, 26 Jun 2003 08:52:05 +0100

Wow, you really sound like a college student! I don't want to be facetious,
but the big or real answer to most of those questions is RTFM :0 (Or STFG -
Search the Friendly Google)

Anyway, a couple of real answers: 

1. Extremely closely. You need to understand security to know what you are
seeing forensically and to know what to look for. See answer 5.

2. Um, I have no idea whether Palm forensics is necessary. My opinion: at a
governmental level: probably there is need for people that can do it. They
need to extract evidence from everywhere they can in an evolving
technological world. On a corporate level, probably almost none. Most
forensics guys spend their days trying to see what happened on a machine
that got hacked, not trying to find information from someone else's machine
to prosecute them.

3. Yes, millions, keep looking. Ummmmm, stuff like The Coroner's Toolkit or
F.I.R.E. would be places to start. (Google is your friend.) Sourceforge is
not a bad thing! As far as getting Linux installed, that is a humongous MUST
for you. If you need help getting Linux running, you can email me; I would
be happy to help with any questions.

4. Yes, thousands. Amazon.com is also your friend. This kind of question is
impossible to answer. If you ask something like 'I need a better book on
that specific point or about that subject' or 'does anyone know a whitepaper
dealing with this and that problem', we can help you better.

5. It's the same job really, just with different specialties. Think of it
like a pathologist: he and the surgeon are both doctors, but they perform
their jobs at different times. They both have the same medical training,
just as security people and forensic people have the same area of expertise.
It's just that the security guy is preventing getting rooted and the forensics
guy is seeing how he got rooted.

Sorry that it's short and snippy, but I wanted to be sure you got an answer.

badenIT GmbH
System Support
 
Chris Meidinger
Tullastrasse 70
79108 Freiburg


-----Original Message-----
From: Joe Lindsay [mailto:josephlindsay11182 () hotmail com]
Sent: Tuesday, June 24, 2003 7:39 PM
To: security-basics () securityfocus com
Subject: Questions concerning computer forensics


I am currently a senior in college and I am looking to go into computer
forensics. Right now I am teaching myself some of the techniques
used in doing Win2k and some *nix investigation. I am a computer science
and information systems major. I just have some questions about computer
forensics in general.

1.  How closely related are computer forensics and security?

2.  I have done Palm programming, and I read an article about Palms being
used to prosecute. Is there a growing need for Palm forensics?

3.  I have some tools, but they are from Sourceforge. Are there any
freeware or trialware available for Win2k machines (sadly I have been unable
to get Linux installed; tried many different distros :-<)?

4.  I am currently reading Computer Forensics: Incident Response Essentials
by Warren Kruse and Jay Heiser. Are there any other books and/or whitepapers
that anyone can suggest?

5.  Is there a growing need for computer forensics in the workplace? Does
the security analyst or consultant double up as computer forensic analyst or
security investigator?

Thank you for your time,

Joe Lindsay


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------