oscfmanual-discuss Mailing List for Open Source Computer Forensics Manual
Status: Planning
Brought to you by:
mbevilacqua2
From: Matias B. T. <mbe...@cy...> - 2003-07-16 11:50:16
Hi!

An updated version of the initial sketch, with all received comments, has just been released. I'm also glad to announce that the project has become ISECOM-supported, which means a broader diffusion of the initiative and potentially more helping-brains! :)

It is time to start coordinating the development of each of the outlined areas of the document. I'd like to have the coordination ready asap so that those who (like myself) have more time for these things in summer can start right away. There's a lot to be done so don't hesitate to get in!

Finally, a brief comment on SOPs. I'm receiving many emails with SOP related issues. I'm aware that ultimately SOPs will become one of the most interesting contributions from this initiative but hold on... we must set the methodology first, which will be followed by the SOPs later. We'll get there, don't worry!

Sincerely,
Matías.

https://sourceforge.net/projects/oscfmanual/
From: Matias B. <mbe...@cy...> - 2003-06-18 15:06:50
Hi everyone,

As you all know, there are some related projects or resources out there which we must be aware of.

I spent last Monday & Tuesday in the final CTOSE meeting in Paris (http://www.ctose.org/info/). In touch with this initiative my intention was to evaluate the project itself and see if there existed any type of synergy with the OSCFManual project. There was not enough information released though to "evaluate" as such, but it seemed the main plan is to commercialize it somehow. If this ends up being the case and due to the "open source" nature of this initiative collaboration options are limited.

Keeping to the thread, it would be nice to have a complete list of existing processes, methodology, SOP's, best practices... to be sure we're taking into account all existing documentation and produce a resource compliant to all of them. I'll begin the list with the usual ones in no particular order:

* G8 General Principles Applying to the Recovery of Digital Evidence
* ACPO Good Practice Guide for Computer Based Evidence
* IOCE Guidelines for Best Practice in the Forensic Examination of Digital Evidence
* RFC 3227
+ CTOSE

Please contribute to this list!

Sincerely,
Matias Bevilacqua Trabado
CYBEX
___________________________________________________________________
PGP-ID: 0x40A4869F
PGP Fingerprint: 2052 98A0 F0F0 2914 D7FA 4E7C 0488 7E8C 40A4 869F
___________________________________________________________________
CYBEX
Grupo Intelligence Bureau
Rambla de Catalunya, 32 4o-2a
08007 Barcelona
Tel. 93 215 53 23
Fax. 93 215 50 72
http://www.cybex.info
From: Matias B. <mbe...@cy...> - 2003-06-18 11:03:55
Yes, having it on a separate doc. during development could make things easier. If there are no objections I'll see to it.

Sincerely,
Matias Bevilacqua Trabado
CYBEX

-----Original message-----
From: Juan Carlos Reyes Munoz [mailto:jc...@00...]
Sent: Sunday, 15 June 2003 18:11
To: Matias Bevilacqua
CC: osc...@li...
Subject: Re: [oscfmanual-discuss] OSCFManual sketch release

> Hi Folks.
>
> I've been thinking about the terminology fact. What do you think about a glossary (one unique document, published and updated by only one person in the sourceforge site) which we can use as reference for terminology when writing our documents? Something like "common used terms" or "terminology reference", and then each one will be responsible for using it as a rule of acceptance of documents....
>
> Anyway, I like the idea of splitting the sections into groups of development!
>
> Just an idea!
>
> Matias Bevilacqua wrote:
>
>> Hi Matthew!
>>
>> It is agreed that terminology _is_ important. It is only a matter of choosing how to deal with it. Trying to create a list of forensic terminology could prove a daunting task which will definitely stall the initiative. On the other hand, being aware of its importance I say we could just build it on the fly on an as-needed basis. It's not all that complicated to review the document and modify some key terms after a new definition has been agreed. I'll do that myself if needed, no problem. :)
>>
>> Sincerely,
>> Matias Bevilacqua Trabado
>> CYBEX
>>
>> -----Original message-----
>> From: osc...@li... [mailto:osc...@li...] On behalf of mat...@us...
>> Sent: Thursday, 12 June 2003 19:25
>> To: osc...@li...
>> Subject: RE: [oscfmanual-discuss] OSCFManual sketch release
>>
>>> Folks
>>>
>>> If we split the sections out into groups for development, we will receive results with dissimilar vocabularies. One will discuss Mirrors, another will mention Copies, and yet another will reference Images. Tell me I'm wrong? I'm not looking forward to the task I'm suggesting, but I am looking forward to having the resulting terminology before getting any deeper. We'd have to agree on Yards or Meters if we were designing mortar and bricks object. How is this any different?
>>>
>>> Thanks,
>>> Matthew Brown (Fool)
From: <jc...@00...> - 2003-06-15 16:11:28
Hi Folks.

I've been thinking about the terminology fact. What do you think about a glossary (one unique document, published and updated by only one person in the sourceforge site) which we can use as reference for terminology when writing our documents? Something like "common used terms" or "terminology reference", and then each one will be responsible for using it as a rule of acceptance of documents....

Anyway, I like the idea of splitting the sections into groups of development!

Just an idea!

Matias Bevilacqua wrote:

> Hi Matthew!
>
> It is agreed that terminology _is_ important. It is only a matter of choosing how to deal with it. Trying to create a list of forensic terminology could prove a daunting task which will definitely stall the initiative. On the other hand, being aware of its importance I say we could just build it on the fly on an as-needed basis. It's not all that complicated to review the document and modify some key terms after a new definition has been agreed. I'll do that myself if needed, no problem. :)
>
> Sincerely,
> Matias Bevilacqua Trabado
> CYBEX
>
>> -----Original message-----
>> From: osc...@li... [mailto:osc...@li...] On behalf of mat...@us...
>> Sent: Thursday, 12 June 2003 19:25
>> To: osc...@li...
>> Subject: RE: [oscfmanual-discuss] OSCFManual sketch release
>>
>> Folks
>>
>> If we split the sections out into groups for development, we will receive results with dissimilar vocabularies. One will discuss Mirrors, another will mention Copies, and yet another will reference Images. Tell me I'm wrong? I'm not looking forward to the task I'm suggesting, but I am looking forward to having the resulting terminology before getting any deeper. We'd have to agree on Yards or Meters if we were designing mortar and bricks object. How is this any different?
>>
>> Thanks,
>> Matthew Brown (Fool)
From: Matias B. <mbe...@cy...> - 2003-06-13 07:26:04
Hi Matthew!

It is agreed that terminology _is_ important. It is only a matter of choosing how to deal with it. Trying to create a list of forensic terminology could prove a daunting task which will definitely stall the initiative. On the other hand, being aware of its importance I say we could just build it on the fly on an as-needed basis. It's not all that complicated to review the document and modify some key terms after a new definition has been agreed. I'll do that myself if needed, no problem. :)

Sincerely,
Matias Bevilacqua Trabado
CYBEX

> -----Original message-----
> From: osc...@li... [mailto:osc...@li...] On behalf of mat...@us...
> Sent: Thursday, 12 June 2003 19:25
> To: osc...@li...
> Subject: RE: [oscfmanual-discuss] OSCFManual sketch release
>
> Folks
>
> If we split the sections out into groups for development, we will receive results with dissimilar vocabularies. One will discuss Mirrors, another will mention Copies, and yet another will reference Images. Tell me I'm wrong? I'm not looking forward to the task I'm suggesting, but I am looking forward to having the resulting terminology before getting any deeper. We'd have to agree on Yards or Meters if we were designing mortar and bricks object. How is this any different?
>
> Thanks,
> Matthew Brown (Fool)
From: Matias B. <mbe...@cy...> - 2003-06-13 07:20:57
> With regard to the term "digital forensics", my work with local ...
> have to start some place and "computer forensics" may be a place to start
> - of course others here most likely have special knowledge that can be
> tapped for the broader context.

Agreed, we should not lose focus on the "big picture". Not in the methodology anyway. There will be a place to focus on technology when the time to develop SOPs & Technical guidelines arrives.

> I'd like to use the manual in whatever form it is in for my graduate
> digital forensics class in the fall. It might be a useful shakedown as far
> as the broader audience and could result in very useful contributions from
> students.

That would certainly be great! Let's hope this catches up speed and you have something nice for the fall.

Sincerely,
Matias Bevilacqua Trabado
CYBEX
From: <mat...@us...> - 2003-06-12 17:25:13
Folks

If we split the sections out into groups for development, we will receive results with dissimilar vocabularies. One will discuss Mirrors, another will mention Copies, and yet another will reference Images. Tell me I'm wrong? I'm not looking forward to the task I'm suggesting, but I am looking forward to having the resulting terminology before getting any deeper. We'd have to agree on Yards or Meters if we were designing mortar and bricks object. How is this any different?

Thanks,
Matthew Brown (Fool)
From: Mark M. <ma...@cs...> - 2003-06-12 16:59:37
On Thu, 12 Jun 2003, Kurt Seifried wrote:

> I think trying to 100% nail down terms definitions is a fool's errand as
> different languages/jurisdictions will have slightly differing terms. I
> agree it's important but I think it's more important to actually come up
> with some methodology/process/documentation/etc at this point.

I'm not sure if people are looking for definitive definitions or not, but I agree that trying to do so would not be immediately productive. However, a mapping that shows related terms and synonyms from around the world and, most importantly, across different domains would be most useful. I suspect that this effort could get rat-holed, but suggest that we keep it as loose as possible in order to collect terms and their diverse meanings. Context, as they say, is everything.

With regard to the term "digital forensics", my work with local prosecutors, police, and the digital forensics research workshop (www.dfrws.org - they aren't US centric no matter what the Venn diagram implies!) as well as various government agencies and companies shows a growing awareness of "digital" over "computer". I train local police agencies on forensic practices and we are very aware that the term "digital" is way more descriptive than "computer", especially when the forensics person is helping to craft things like search warrants. I would encourage the document to take the broad perspective, but agree that you have to start some place and "computer forensics" may be a place to start - of course others here most likely have special knowledge that can be tapped for the broader context.

I'd like to use the manual in whatever form it is in for my graduate digital forensics class in the fall. It might be a useful shakedown as far as the broader audience and could result in very useful contributions from students.

--mark

---
Mark Morrissey
ma...@cs...
"nothing is foolproof to a sufficiently talented fool"
From: Matias B. <mbe...@cy...> - 2003-06-12 14:07:44
The team is actually "the world" :) This is open-source, everyone and anyone can use it. The environment will be both liturgical and non-liturgical but we should keep to liturgical because you never know when a non-lit. forensics can change to a lit. one. The problem is bigger than you think because it is not only EU oriented but globally oriented!

As to this "common set of rules" I'm in touch with RAND Europe people who are developing a Legal Handbook for countries in Europe. This handbook will answer questions such as: "Is port scanning 'legal' in XXX country?" and more of interest to us: "How should I collect evidence so that it is acceptable in court in XXX country?" We should keep an eye on that project and try to find something similar on the rest of the world... I'm sure there are regional initiatives we can build upon.

As you see Andrea this will not be easy, but it will be fun! I'm sending a copy of our last couple of emails to the list to get some feedback from the community.

Sincerely,
Matias Bevilacqua Trabado
CYBEX

> -----Original message-----
> From: la...@an... [mailto:la...@an...]
> Sent: Thursday, 12 June 2003 15:23
> To: Matias Bevilacqua
> Subject: RE: OSCFManual
>
> Hi Matias,
> well, first of all I would like to know the team composition (especially their background) so that we could start defining the priorities (for instance, whether to deal with non-liturgical examination or incident-response etc.)
> The basic legal problem is the difference among the various EU countries, so, should we find some lawyer based in other countries, we could define a common set of rules enforceable almost everywhere.
> Cheers.
> a
> "--"
> Studio Legale Monti
> 20121 Milano C.so Venezia, 54
> 00196 Roma Via E.Gianturco, 5
> 65124 Pescara Via Paolini, 96
> tel.+39-085-294255
> fax +39-085-4226470
> web http://www.andreamonti.net
> e-mail: stu...@an...
From: Matias B. <mbe...@cy...> - 2003-06-12 11:12:15
I feel the initial steps should drive us towards a more detailed definition on the content. The initial sketch is intendedly "open" (no joke intended) in its definition so as to provide as much coverage as possible.

I'd like to see people concentrating on particular areas of the methodology and coming up with a more detailed table of contents and even some brief description of each. Once we agree to the content we can release this and the real assignments of specific well defined areas can begin and we can start writing the actual content of the manual.

If you'd like to get involved in any particular area either as writer or peer-reviewer please drop me a line.

Sincerely,
Matías Bevilacqua Trabado
CYBEX

> -----Original message-----
> From: osc...@li... [mailto:osc...@li...] On behalf of Kurt Seifried
> Sent: Thursday, 12 June 2003 12:57
> To: osc...@li...; mat...@us...
> Subject: Re: [oscfmanual-discuss] OSCFManual sketch release
>
> I think trying to 100% nail down terms definitions is a fool's errand as
> different languages/jurisdictions will have slightly differing terms. I
> agree it's important but I think it's more important to actually come up
> with some methodology/process/documentation/etc at this point.
>
> Kurt Seifried, ku...@se...
> A15B BEE5 B391 B9AD B0EF
> AEB0 AD63 0B4E AD56 E574
> http://seifried.org/security/
From: Kurt S. <for...@se...> - 2003-06-12 09:57:45
I think trying to 100% nail down terms definitions is a fool's errand as different languages/jurisdictions will have slightly differing terms. I agree it's important but I think it's more important to actually come up with some methodology/process/documentation/etc at this point.

Kurt Seifried, ku...@se...
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
From: Matias B. <mbe...@cy...> - 2003-06-12 08:48:53
Hi Matthew,

Nice to see some well-thought comments on the subject. Here's my personal point of view on the two items you comment about.

> Discussion 1. The name of the manual: Computer Forensics Vs. Digital
> Forensics (General)

The approach you point out is similar to the one followed by the IOCE "best practice" guideline. I agree with this but would like to settle for an intermediate solution. It's not possible to change the name in Source Forge and would be complicated to move the 100+ subscribers we have here to a new list. I'd say we simply change the name on the document itself and leave the rest of the setup as is. Anyway nowadays the term "computer forensics" has overgrown itself to encompass all kinds of digital data. And the truth is that people seeking such a document will likely input "computer forensics" into google or elsewhere rather than "digital forensics".

> Discussion 2. Terms section: "forensic image, forensic copy, forensic
> acquisition" (page 3)

Once again I agree with it but I must stress the reason behind that Terms Section. It's all too easy to enter an endless discussion about terminology and naming conventions. I've seen quite a few "open source" initiatives starve to death over terminology discussions dying by exhaustion with no "real" work done. That's the reason I included the section. On this manual terms will have the meaning pointed out in the terms sections. The reader is expected to read that section and interpret the rest of the document bearing in mind those definitions.

It is not casual this decision has been taken. Before starting out this initiative I had a very insightful dinner with Pete Herzog from OSSTMM and this issue was brought to my attention.

I'm not saying everyone must simply agree to the terms though! I'm open to discussions about terminology but would rather see them on my personal email rather than on the list to avoid terminology-email-wars. Until we have some volunteers I'll be managing this Terms Section so please do not hesitate to submit your definitions and the reasoning behind them to me. I'll be issuing emails with "important" changes to the Terms section on this list or directly to those collaborating on the project as seen fit to avoid confusions.

> I have more items to discuss, but wanted to see how much of a tempest
> these two discussions would create. Involvement is encouraged.

Please bring them on! Let's get this going...

Sincerely,
Matías Bevilacqua Trabado
CYBEX
From: Matias B. <mbe...@cy...> - 2003-06-12 07:58:24
Done so some time ago. The project is currently at its final stage. I have asked about what material will be made publicly available but it seems it is still in discussion in the Consortium. I'm in touch with Robin of JRC in Italy who's in charge of the continuation of the project, we'll see how this evolves.

Sincerely,
Matias Bevilacqua Trabado
CYBEX

> -----Original message-----
> From: osc...@li... [mailto:osc...@li...] On behalf of Mark Furner
> Sent: Wednesday, 11 June 2003 19:18
> To: osc...@li...
> Subject: [oscfmanual-discuss] EU guidelines
>
> Hi Folks
>
> It might be worth keeping an eye on this EU project or getting in touch with them.
>
> CTOSE (Cyber Tools On-Line Search for Evidence)
>
> http://www.ctose.org/info/index.html
>
> All power to your elbows!
>
> Mark Furner
>
> --
>
> Mark Furner
> Scheideggstr. 14
> 8400 Winterthur
> Switzerland
> ++41 (0)52 233 05 61
> ++41 (0)78 641 15 92
> Mar...@Bi...
> mf...@hi...
From: <mat...@us...> - 2003-06-11 18:39:38
|
Folks First, I'd like to mention that I like the direction and format o= f the manual and the idea of starting with this basic outline. I wanted to get the ball rolling on the TERMS section of the document. I believe it is important at this point to use terms we can l= ive with. One approach I hope to the table is the use of terms already recognized by the court. While the idea of developing an open source methodology with what is currently being done in the field is appealing= and why I'm getting involved, it is important to understand where we can an= d can not make change easily. U.S. courts already have a language for referencing computer forensics. Terms like "Image" already have deep ro= ots and attempting to us another term may result in a conflict between the = open source methodology and the legal world. It is possible that the ability= to entertain acceptance of such a doctrine might hinge on such details. Af= ter all some court systems, including the U.S., value precedent and precede= nt includes such digital forensics terminology. So let's look to what is b= eing used by the legal community before making decisions in terminology and usage of that terminology. Reference: Open-Source Computer Forensics Manual Discussion 1. The name of the manual: Computer Forensics Vs. Digital Forensics (General) For those of you with the word "Cyber" in your credentials and college degrees it is obvious that the life expectancy of some terms systems jargon is short lived. There is also the issue of scope in the differences between "Computer" and "Digital" in this case. Since the sc= ope of this manual is to encompass PCs, server, PDAs, networks, routers, firewalls, laptops, removable storage items, image analysis, sound analysis, data streams, alternate data streams, CDs, DVDs it is obvious= if we are to design the manual for longevity, we must label it and use ter= ms that will cover the inevitable new generations of systems and storage devices. 
I would suggest that we name the manual, the "Open-Source Digi= tal Forensics Manual". Discussion 2. Terms section: "forensic image, forensic copy, forensic= acquisition" (page 3) It looks there has been an attempt here to include the various te= rms used for what I know as an "Image Copy". While I consider "Image" or "I= mage Copy" I would suggest that we start a discussion to decide on one that would represent one term to give us a globally usable term that, as of = yet, is called something different by as every tool and practice I've run across. Sometimes the term is the same, but the usage of the term is different. I have asked one of the founders of NTI (at an ISSA presenta= tion in Portland OR) and an high level engineer that work on an earlier vers= ion of EnCase if there was any interest in developing a common definition o= f terms. In both cases the representative was either not interested or di= dn't think it would fly with their organization. Each considered their definition of terms to stand as an industry standard. We need a common definition of terms, not just a list of terms. I would suggest we discu= ss this matter before we attempt to address the list of terms and their definitions themselves. Reference the email thread below to see a samp= le of a term and it's definition that started these two discussions. I have more items to discuss, but wanted to see how much of a tem= pest these two discussions would create. Involvement is encouraged. Thanks, Matthew Brown, CISSP, SSCP, MCP U.S. Bancorp Information Security Services Threat & Vuln Mgmt (Security Consultant) Alt: mb...@ci... 
----- Forwarded by Matthew T Brown/OR/USB on 06/11/2003 08:14 AM -----

"Matias Bevilacqua" <mbevilacqua@cybex.info>
06/11/2003 12:12 AM

To: matthew.brown1@usbank.com
cc:
Subject: RE: [oscfmanual-discuss] OSCFManual sketch release

I would totally agree if we were talking ONLY about imaging today's computer drives but... What about imaging a Palm? or Flash Card? or any other kind of device to store digital data.

I feel the need to make this document as "open" as possible to any kind of digital data at all. Once we get down to the level of SOPs of Technical guidelines I agree the need to use more appropriate terms for the technology involved.

I'll try to figure out some rephrasing to avoid the "bit-by-bit" term there though.

Please feel free to send this thread to the list! We need to sparkle up discussion :)

Sincerely,
Matías Bevilacqua Trabado
CYBEX
___________________________________________________________________
PGP-ID: 0x40A4869F
PGP Fingerprint: 2052 98A0 F0F0 2914 D7FA 4E7C 0488 7E8C 40A4 869F
___________________________________________________________________

CYBEX
Grupo Intelligence Bureau
Rambla de Catalunya, 32 4º-2ª
08007 Barcelona
Tel. 93 215 53 23
Fax. 93 215 50 72
http://www.cybex.info

> -----Original message-----
> From: mat...@us... [mailto:mat...@us...]
> Sent: Wednesday, 11 June 2003 0:25
> To: Matias Bevilacqua
> Subject: Re: [oscfmanual-discuss] OSCFManual sketch release
>
> Matias
>
> I didn't know if it was appropriate to email you directly on this
> matter or the list. I decided to err by sending it to you directly.
>
> In reference to: oscfm.en.0.1.0 Initial release
>
> I wanted to address the use of bit-by-bit in the TERMS section of the
> document. While all the bits are copied, thus creating a bit-for-bit
> image/copy, there is no bit-by-bit copy function. There are
> sector-by-sector and block-by-block copies, which read entire sectors or
> blocks before writing the entire sector or block to the image/copy. It
> makes me wince when I hear people in this industry discuss this matter at
> the bit level. We can't even do a byte-by-byte copy without reading and
> writing an entire sector/block. Now would seem to be the time to spell this
> out or clarify it. Otherwise we will be stuck with bit-by-bit and sooner or
> later an expert for the defense in court will point out that the machines
> can not perform a bit-by-bit copy. Again, the result of a block-by-block or
> sector-by-sector copy is a bit-for-bit mirror or image.
>
> Let me know what you think...
>
> Thanks,
> Matthew Brown, CISSP, SSCP, MCP
> U.S. Bancorp
> Information Security Services
> Threat & Vuln Mgmt (Security Consultant)
> (503) 401-4224 Office
> (503) 869-8382 Cell
> (888) 789-6162 Pager
> 888...@my...
> (Short text messages only)
>
> "Matias Bevilacqua" <mbe...@cy...>
> Sent by: osc...@li...urceforge.net
> 06/10/2003 08:36 AM
>
> To: osc...@li...
> cc:
> Subject: [oscfmanual-discuss] OSCFManual sketch release
>
> Hi everybody,
>
> Seems the initiative has almost too much support :) As I told you in my last
> email there have been several contributions with personal or regional
> methodologies and SOPs from the beginning. We have been trying to integrate
> them into the initial release but it has proven to be a daunting task.
> Instead we are releasing the initial sketch of the document so that everyone
> can start collaborating into the effort and will slowly dissect the
> contributed documentation to get the best out of them and into the
> OSCFManual.
> This list will be initially used for all coordination and discussion related
> to the development of the project, other lists will be opened as the need
> arises.
> I encourage everyone to download the sketch read it and get back to me
> and/or the list with improvements, collaboration offers, comments, pitfalls,
> anything!
> Everyone's invited :)
>
> You will find the initial documentation in:
> https://sourceforge.net/projects/oscfmanual/
>
> Sincerely,
> Matías Bevilacqua Trabado
> CYBEX
> ___________________________________________________________________
> PGP-ID: 0x40A4869F
> PGP Fingerprint: 2052 98A0 F0F0 2914 D7FA 4E7C 0488 7E8C 40A4 869F
> ___________________________________________________________________
>
> CYBEX
> Grupo Intelligence Bureau
> Rambla de Catalunya, 32 4º-2ª
> 08007 Barcelona
> Tel. 93 215 53 23
> Fax. 93 215 50 72
> http://www.cybex.info
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Etnus, makers of TotalView, The best
> thread debugger on the planet. Designed with thread debugging features
> you've never dreamed of, try TotalView 6 free at www.etnus.com.
> _______________________________________________
> oscfmanual-discuss mailing list
> osc...@li...
> https://lists.sourceforge.net/lists/listinfo/oscfmanual-discuss |
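The distinction drawn in the thread above (the copy runs a whole sector at a time, while the resulting image is bit-for-bit identical to the source), as an added example that is not part of any list message or of the OSCFManual. The function names, the 512-byte sector size and the in-memory sample device are assumptions made for the illustration.

```python
import hashlib
import io

SECTOR_SIZE = 512  # assumed sector size for the constructed sample device


def image_by_sector(src, dst, sector_size=SECTOR_SIZE):
    """Copy src to dst one whole sector per read/write.

    Returns (sector_count, sha256 hex digest of everything read).
    """
    digest = hashlib.sha256()
    sectors = 0
    while True:
        block = src.read(sector_size)  # the unit of I/O is a sector, never a bit
        if not block:
            break
        dst.write(block)
        digest.update(block)
        sectors += 1
    return sectors, digest.hexdigest()


def first_bit_difference(a, b):
    """Index of the first differing bit (MSB of byte 0 is bit 0), or None if identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i * 8 + (8 - (x ^ y).bit_length())
    return None if len(a) == len(b) else min(len(a), len(b)) * 8


def acquire_and_verify(source_bytes):
    """Image a source sector by sector, then check the image bit for bit."""
    src, dst = io.BytesIO(source_bytes), io.BytesIO()
    sectors, read_hash = image_by_sector(src, dst)
    image = dst.getvalue()
    return {
        "sectors": sectors,
        "hash_match": read_hash == hashlib.sha256(image).hexdigest(),
        "first_diff_bit": first_bit_difference(source_bytes, image),
    }


# Constructed sample: four sectors of patterned data standing in for a small device.
SAMPLE_DEVICE = bytes((i * 7 + 3) % 256 for i in range(4 * SECTOR_SIZE))

if __name__ == "__main__":
    print(acquire_and_verify(SAMPLE_DEVICE))
```
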
From: Mark F. <Mar...@bi...> - 2003-06-11 17:21:49
|
Hi Folks It might be worth keeping an eye on this EU project or getting in touch with them. CTOSE (Cyber Tools On-Line Search for Evidence) http://www.ctose.org/info/index.html All power to your elbows! Mark Furner -- Mark Furner Scheideggstr. 14 8400 Winterthur Switzerland ++41 (0)52 233 05 61 ++41 (0)78 641 15 92 Mar...@Bi... mf...@hi... |
From: Matias B. <mbe...@cy...> - 2003-06-10 15:39:26
|
Hi everybody, Seems the initiative has almost too much support :) As I told you in my last email there have been several contributions with personal or regional methodologies and SOPs from the beginning. We have been trying to integrate them into the initial release but it has proven to be a daunting task. Instead we are releasing the initial sketch of the document so that everyone can start collaborating into the effort and will slowly dissect the contributed documentation to get the best out of them and into the OSCFManual. This list will be initially used for all coordination and discussion related to the development of the project, other lists will be opened as the need arises. I encourage everyone to download the sketch read it and get back to me and/or the list with improvements, collaboration offers, comments, pitfalls, anything! Everyone's invited :) You will find the initial documentation in: https://sourceforge.net/projects/oscfmanual/ Sincerely, Matías Bevilacqua Trabado CYBEX ___________________________________________________________________ PGP-ID: 0x40A4869F PGP Fingerprint: 2052 98A0 F0F0 2914 D7FA 4E7C 0488 7E8C 40A4 869F ___________________________________________________________________ CYBEX Grupo Intelligence Bureau Rambla de Catalunya, 32 4º-2ª 08007 Barcelona Tel. 93 215 53 23 Fax. 93 215 50 72 http://www.cybex.info |
From: Kurt S. <for...@se...> - 2003-05-14 09:22:28
|
http://itjobs.mycareer.com.au/elements/itnews/2003/05/09/FFXC6HDSMFD.html

Les Kennedy
09 May, 2003

Police are offering 20 computer nerds the opportunity to become highly paid spies working for the NSW counter-terrorist unit.

Successful applicants will not have to undergo the rigours of police academy training or uniform duties but will be designated special constables, with wage offers above the $44,000 starting rate for regular police constables.

The computer spies, most likely university computer science graduates or highly skilled IT workers, will be offered wages of between $60,000 and $103,000.

The high wage offer to civilian employees is a first for the police service but seen as necessary by the Commissioner, Ken Moroney, to recruit the best computer specialists from the private sector.

The successful applicants will join a newly created unit within the police Special Service Group that will be called the State Electronic Evidence Branch.

Superintendent Tony Jeffries said advertisements for the hacker sleuths would be placed in newspapers tomorrow.

The Special Service Group also hopes to recruit civilians with technical inventing skills, a sort of James Bond-style agent "Q", to develop or adapt new equipment for use by police in covert or day-to-day field operations.

A unit called the Advanced Technology Centre was created last year within the SSG to develop equipment for police operations. It has already created a "dog cam" that can be attached to a police dog that is sent into situations such as sieges.

The Advanced Technology Unit is developing a video camera for police vehicles that will film encounters with the public.

The electronic evidence recruits will not be allowed to tell anyone, even their partners, the nature of projects assigned to them.

They will examine computer drives and even microchips from cars and mobile phones of people suspected of having links with terrorist organisations.

Superintendent Jeffries said the cyber sleuths would examine computer pathways for hidden information and that staff selected would undergo training in forensic analysis so that any potential data relating to terrorist activities in NSW could be used in court in prosecutions of suspects.

In the past NSW police have had to contract out such work to private enterprise, but last year Deputy Commissioner Andrew Scipione, the overall commander of counter-terrorism units within the force, successfully lobbied the Government for an extra $1.75 million to create the computer spy unit.

"We will have to train them in skills of forensic analysis but we don't have to train them [successful applicants] in any computer sciences because they will already have that expertise," Superintendent Jeffries said.

"In the past the force has paid for officers to obtain their IT qualifications only to see them lured away to the private sector.

"We have had trouble retaining the officers with the skills we need, so recruiting from outside is a better option."

- ISN is currently hosted by Attrition.org |
From: Matias B. <mbe...@cy...> - 2003-05-13 11:30:39
|