Re: [sleuthkit-users] Autopsy over SSL?
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Autopsy over SSL?
|
From: Brooks, P. <pre...@tw...> - 2006-08-21 21:47:54
|
I started it, that was the "internal documentation" I alluded to = earlier. I still have the basic concept in my head and can (and = probably should) take the time to document it in detail for everyone's = usage. I am adding it to my todo now ;) That, however, is not as complex as what I am currently working to have = done. We have a home grown IR database built using HTML Mason and = Postgresql to track our incident documentation and provide a single = interface to our investigative tools. I started working and have now = delegated to my developer the task of managing most of the case creation = process through Mason. My goal is to actually bypass everything up = through the selection of Investigator and have the system select that = based on the authentication that has already occurred. Then, I can = remove access to the file system and create automated mechanisms for = image acquisition and have a strong authentication mechanism wrapped = around autopsy. -----Original Message----- From: sle...@li... on behalf of Angus = Marshall Sent: Mon 8/21/2006 6:09 PM To: sle...@li... Subject: Re: [sleuthkit-users] Autopsy over SSL? =20 Not adding anything to the debate - but isn't it wonderful that, in the = space of a couple of hours, we've come up with 4 ways to do this - meanwhile, I = know of someone who is struggling to do the same thing using a very popular = commercial tool on a dominant proprietary O/S. I love the smell of open source in the morning ;-) I think it would help us if the original poster could give us a bigger = clue about what they're trying to achieve... My personal preference is for a ssh type solution since it adds an = auditable authentication step - aiding continuity, but I can see situations where = the apache proxy could be useful too. The ssh + VNC solution is nice as it = solves the interrupted session problem and would allow the investigator to launch a = lengthy process (e.g. string search, file sorting) and leave the machine in a = secure state while it processes. The "farm" of ssh + apache sounds like a horrendously complex case to = have worked on! Have you written the method up for publication anywhere ? -------------------------------------------------------------------------= Using Tomcat but need to do more? Need to support web services, = security? Get stuff done quickly with pre-integrated technology to make your job = easier Download IBM WebSphere Application Server v.1.0.1 based on Apache = Geronimo http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=3D= 121642 _______________________________________________ sleuthkit-users mailing list https://lists.sourceforge.net/lists/listinfo/sleuthkit-users http://www.sleuthkit.org |
