One easy way to do this is to simply image your usual workstation. The
one where you work every day, and analyse that.
For example, if you know you've sent mail to Mr. X, then simply shut down
your machine, image your drive, analyse it in whatever you like, and then
off you go.
Every day you'll literally have a different image file to play with if you
like.
Niall.
Jennifer Smith wrote:
> I mentioned this in an earlier message, but I thought it might be better
> to break it off into a separate posting and to clarify my
> question a little.
>
> I asked if there is a how-to on creating images to practice with,
> basically so that I can (in my spare time) work out the quirks in
> what I am trying to do.
>
> What I probably should have said was, what is the best way of setting up a
> drive in order to use it as a "forensic test case"? In other words, if I
> want to have a drive that has X, Y, and Z items and then create the image
> (using dd) so that when I go to search the drive (using TSK, Autopsy, &/or
> other tools), I know that I should be able to find X, Y and Z, what is the
> best way to go about that? That way I can set up my own practice drive.
>
> Barry, thanks for that reference guide - it looks like a great read, and I
> plan to use the .dd image for practice :)
>
> Thanks for all the help!
>
> -gg
>
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org
>
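One way to build the kind of known-answer practice image asked about above, as an added example that is not part of the original thread: it plants marker strings at known offsets in a raw file standing in for the practice drive, images it with dd, checks that the hashes match, and confirms each planted item is found in the image. The file names, sizes, offsets and marker strings are constructed assumptions, and it relies on GNU grep and sha256sum; on a real practice drive the items would be files in a filesystem, searched with TSK or Autopsy.

```shell
#!/bin/sh
# Known-answer forensic test case: every planted item is logged in a manifest,
# so a search of the dd image can be checked against ground truth.
# All paths, offsets and marker strings here are constructed for illustration.

# plant FILE OFFSET STRING: write STRING at byte OFFSET, record it in FILE.manifest
plant() {
    printf '%s' "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
    printf '%s\t%s\n' "$2" "$3" >> "$1.manifest"
}

# build_case DIR: create DIR/source.raw, a 1 MiB stand-in for the practice drive
build_case() {
    src="$1/source.raw"
    : > "$src.manifest"
    dd if=/dev/zero of="$src" bs=1024 count=1024 2>/dev/null
    plant "$src" 4096    'ITEM-X: mail to Mr. X'
    plant "$src" 300000  'ITEM-Y: practice keyword'
    plant "$src" 1048000 'ITEM-Z: near end of media'
}

# acquire DIR: image the source with dd; succeeds only if both hashes match
acquire() {
    dd if="$1/source.raw" of="$1/image.dd" bs=4096 conv=noerror,sync 2>/dev/null
    src_hash=$(sha256sum < "$1/source.raw")
    img_hash=$(sha256sum < "$1/image.dd")
    [ "$src_hash" = "$img_hash" ]
}

# verify_case DIR: print how many manifest items are found at the expected offset
verify_case() {
    found=0
    while IFS="$(printf '\t')" read -r off str; do
        hit=$(LC_ALL=C grep -abo -F -- "$str" "$1/image.dd" | head -n 1 | cut -d: -f1)
        if [ "$hit" = "$off" ]; then found=$((found + 1)); fi
    done < "$1/source.raw.manifest"
    echo "$found"
}

# Stand-alone run: build, image, and report what the search recovers
work=$(mktemp -d)
build_case "$work" && acquire "$work" &&
    echo "found $(verify_case "$work") of 3 planted items"
rm -rf "$work"
```
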