Educause Security Discussion mailing list archives

Re: Input on setting up a digital forensics lab


From: "Sburlea, Stefan" <sburlea () CHAPMAN EDU>
Date: Thu, 11 May 2017 16:05:36 +0000

Great list Roshan,

Thank you!

Best Regards,

Stefan Sburlea

Information Security Specialist
Desk Phone: 714-744-7802
Visit www.chapman.edu/security for the latest Phishing emails

UNIVERSITY STAFF WILL NEVER ASK FOR YOUR PASSWORD - DO NOT SHARE YOUR PASSWORD WITH OTHERS!

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Roshan 
Harneker
Sent: Thursday, May 11, 2017 6:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Input on setting up a digital forensics lab

Hi Robert,

You could try setting up a lab that makes use of open source forensic tools if you’re unable to find a partnership with 
a large corporate. There are some really good open source alternatives to the well-known proprietary products (FTK / 
EnCase etc.). Some examples include:


· Sleuth Kit Autopsy - https://www.sleuthkit.org/autopsy/ - (runs on OS X, Windows and Linux)

· Paladin - https://sumuri.com/software/paladin/ - Linux-based

· SANS SIFT - https://digital-forensics.sans.org/community/downloads - Linux-based

· Kali Linux Forensics Mode - http://docs.kali.org/general-use/kali-linux-forensics-mode

· FTK Imager (http://www.accessdata.com/support/product-downloads) – only allows imaging and data preview etc., so do not confuse it with the full FTK suite

· Oxygen Forensics (for mobile forensics) - https://www.oxygen-forensic.com/en/. This one is paid-for but allows for educational discounts

Using open source software means your cost overheads would be reduced as long as you had staff or tutors who are 
proficient in the products you choose and can assist other students with queries and/or basic training.

Regards,
Roshan


Roshan Harneker
Senior Manager: Educational Technology Services
Information & Communication Technology Services (ICTS)
University of Cape Town
Phone: 021 650 3658
Email: roshan.harneker () uct ac za
Map: http://www.icts.uct.ac.za/directions-to-icts



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Robert 
Shoniwa
Sent: 11 May 2017 04:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Input on setting up a digital forensics lab

Good day all,

I'm with a university in Zimbabwe that is offering a degree programme related to Cybersecurity and we're looking to set 
up a digital forensics lab (the first in our country) to supplement forensics related courses in the curriculum. As a 
relatively young institute, I think we could benefit from the institutes with experience regarding this.  My question 
is, are there any possible suggestions as to ways (e.g. potential partnerships with international commercial companies 
like Cellebrite) that can help reduce the total cost of setting such a lab up at a public university?

Kind regards,

Robert Shoniwa
Head of Information Security and Assurance
Harare Institute of Technology