Penetration Testing mailing list archives

Re: [PEN-TEST] Forensic analysis and related training


From: Jensenne Roculan <jroculan () SECURITYFOCUS COM>
Date: Mon, 16 Oct 2000 15:49:21 -0700

Hi there Erick,

1- Any links related to downloadable papers about forensic data analysis and
downloadable tools?

<shameless plug>

A gentleman by the name of Timothy Wright has written up an ongoing
series titled "The Field Guide for Investigating Computer Crime."  There
are eight installments in the series; however, only four have been published
thus far.  The rest will be released periodically.  So far, we have:

Part 1: An Introduction to the Field Guide for Investigating Computer
Crime
http://www.securityfocus.com/focus/ih/articles/crimeguide1.html

Part 2: Overview of a Methodology for the Application of Computer
Forensics
http://www.securityfocus.com/focus/ih/articles/crimeguide2.html

Part 3: Search and Seizure Basics
http://www.securityfocus.com/focus/ih/articles/crimeguide3.html

Part 4: Search and Seizure Planning
http://www.securityfocus.com/focus/ih/articles/crimeguide4.html

The following paper serves as an introduction to Forensics:

Digital Media Forensics
http://www.securityfocus.com/focus/ih/articles/dforensics.html

Lance Spitzner's analysis of a successful attack against his
honeypot:

A Forensic Analysis
http://www.securityfocus.com/focus/ih/articles/foranalysis.html

As for tools, I'd recommend you check out The Coroner's Toolkit (TCT) by
Wietse Venema and Dan Farmer:

http://www.fish.com/tct/
Documentation:
http://www.fish.com/tct/help-when-broken-into
FAQ: http://www.fish.com/tct/FAQ.html

Also, there are a lot of free tools at http://www.securityfocus.com/ih
under 'Tools - Forensics', naturally.  And check out 'Library - Forensics'
for much more reference material.

</shameless plug>

Cheers,

Jensenne Roculan
SecurityFocus.com
http://www.securityfocus.com
(403) 213-3939 ext. 229

