FTimes

Project News for FTimes

  • FTimes featured in ISSA Journal

    Last month's issue of the ISSA Journal (December 2008, Volume 6, Issue 12) has a nice article about FTimes written by Russ McRee. The article, entitled "All's FAIR: Forensics, Analysis, Integrity, and Response with FTimes", explores some of the capabilities of FTimes. The article is available here:

    http://holisticinfosec.org/toolsmith/docs/december2008.pdf

    ISSA members can also get it here:

    http://www.issa.org/Library/Journals/2008/December/McRee-toolsmith.pdf

    2009-01-26 17:02:15 UTC by mavrik

  • FTimes 3.8.0 Released

    Version 3.8.0 is a minor release of FTimes. Generally, code was cleaned up and refined as necessary. Several bugs have been fixed -- see the ChangeLog for details. This release includes support for SHA256 hashes, include/exclude filters, and a number of additional file systems (DATAPLOW_ZFS, NTFS-3G, NWCOMPAT, UDF). HashDig utilities have been updated to support SHA1 and SHA256 hashes, and the following tools have been added to the project: ftimes-crv2dbi.pl, ftimes-dig2dbi.pl, hashdig-find.pl, and tarmap. Note that documentation is no longer built at release time, and that means your build system must include the necessary tools to create the documentation -- see the Requirements Section in README.INSTALL for additional details. Since SF officially discontinued compile farm support on 2007-02-08, this project is no longer able to build/test releases in the manner and scale that it did before. Unfortunately, this may result in platform-specific issues that go unnoticed until they are discovered by someone in the field.

    2007-04-14 23:50:50 UTC by mavrik

  • FTimes "System Baselining" Paper Updated

    The FTimes Project has released an updated copy of "System Baselining -- A Forensic Perspective".

    This paper, written by Klayton Monroe and Dave Bailey, defines baselining terminology, explains the mechanics of baselining, compares and contrasts different baselining techniques, and describes FTimes -- a system baselining and evidence collection tool. The paper also explores some of the criteria that evidence collection tools and techniques must satisfy if they are going to support prosecutions. In closing, it presents a pair of war stories that are typical of the times.

    The paper is available here:

    http://ftimes.sourceforge.net/FTimes/Papers.shtml

    2006-09-21 01:43:27 UTC by mavrik

  • FTimes Helps Team Win DFRWS 2006 File Carving Challenge

    First place in the DFRWS 2006 File Carving Challenge was awarded to Klayton Monroe, Andy Bair, and Jay Smith.

    The team's approach/methodology relied heavily on tools from The FTimes Project. However, the team's contributions also influenced the direction of The FTimes Project. In fact, a majority of the new features/tools in the 3.7.0 release were directly related to the team's efforts.

    For more information regarding the challenge and the results, check out the following links:

    http://www.dfrws.org/2006/challenge/

    http://www.dfrws.org/2006/challenge/submissions/index.html

    http://www.korelogic.com/Resources/Projects/dfrws_challenge_2006/

    2006-08-29 21:39:56 UTC by mavrik

  • FTimes 3.7.0 Released

    Version 3.7.0 is a minor release of FTimes, a system baselining and evidence collection tool. The primary purpose of ftimes is to gather and/or develop topographical information and attributes about specified directories and files in a manner conducive to intrusion and forensic analysis.


    Generally, code was cleaned up and refined as necessary. Several bugs have been fixed -- see the ChangeLog for details. The main focus of this release was to improve XMagic by adding new test modes, types, and operators. In particular, 16 new XMagic types and 8 new test operators have been added. Additionally, XMagic has crossed over into dig mode. Now, it is possible to use magic incantations on all the blocks in a given file. Together, these enhancements represent a significant jump forward in XMagic technology. Finally, ftimes-crv2raw.pl has been added to the project.

    2006-07-21 01:54:22 UTC by mavrik