I'd like to get an idea as to what people want out of this forum..and specifically what they want out of me. I can answer questions..write how to's(although there are plenty out there), provide resources...
so what would you all like to see?
i would like to see some information on flash media -- mainly how to low level format, how to recover data that was deleted and how to edit the partitions (i think that classifies as forensics so long that i am looking for this information so that i can learn more about how an operating system interacts with these devices and how data can be manipulated/reconstructed on them)
I'd like to see a few tuts on forensics made sticky....not anything long-haired mind you...keep it simple. Two or three that explain the basics and will bring newbs (like myself) to a level of understanding that enables us to gain the basic knowledge needed to grasp the subject. Maybe one on basic terminology and methods, one that introduces the basic "forensics toolkit" and one that explains the purpose of computer forensics, its uses in the real world, etc.
Just my .02
Greetings:
Uhm, I think hog's looking for "larger picture" things here, not specific questions. I think he's trying to decide how he should run this forum, and what features people would like to see out of it.
Quote:
Originally posted here by djscribble
i would like to see some information on flash media -- mainly how to low level format,
As you mentioned before, tutorials and the like can easily be found in other places. Personally, when it comes to forensics, I've always been most interested in case studies. Like most aspects of criminology, it seems that you can learn the most by reading about specific incidents, how they were handled, and what the end results were.
Perhaps people can be on the lookout for interesting cases in the news where it's obvious a forensics expert was utilized. Hog could then contact those involved in the case, and maybe get them to do a Q & A about it.
Maybe if I get some time and motivation, I'll do some write ups on some of the cases that I've worked on in the past as well, and post them online somewhere.
If I wasn't mentally spent I would start working on these things now..but I am tired, and have to be up early.
I would like to see more postings concerning wifi security for both home AP's and Public hotspots.
Maybe even some scenario workups.
Greetings:
Lesson #1 for stupid newbie: Bother to read what forum a thread is in before you post to it and make an ass out of yourself.
Quote:
Originally posted here by spamdies
I would like to see more postings concerning wifi security for both home AP's and Public hotspots.
read..read..then read some more. damn.
Greetings:
One more thought. How about you get JupM to have a forensics files section. I have a TON of unclassified stuff from the military that can be used for examinations, plus a bunch of other things people that I know have made as well. I'm sure that you and others have things that they could contribute to it as well (freeware, opensource, etc.) It would be nice to provide people some toys to play with, even if they don't do anything more with them than examinations of their own boxes and media....
I doubt jupm would spring for that...I can see if I can host something at work though..except they charge for bandwidth.
I'd like to see some more info on how to gather information on what a user is/has been doing on a computer, i.e. surfing habits, files opened, DOS commands used etc. From the info Windows stores, what tools are best and how to use them.
And/or
How to analyze Windows malware, i.e. what to look for and what to do with the information you acquire.
I would like that too. There is tons of material on the internet about forensics, but most of the time I have no idea how to use that on a specific subject. I rather prefer to see "the action". Instead of tut writers, "story tellers" will be appreciated.
Quote:
I've always been most interested in case studies. Like most aspects of criminology, it seems that you can learn the most by reading about specific incidents, how they were handled, and what the end results were.
I've got a couple of hundred megs to spare on the same server the Tutorials Index is on if you can come up with something worthwhile...
Something worthwhile? mwahaha everything I do is worthwhile neg :D Give me a little time to compile tools with JP. I've got oodles that I use daily..and he's got some goodies.
Tedob1: mmmm malware analysis..now that's got secks appeal, and that's half of what I am doing.
Following DJScribble: I would like to see a low level formatter that will actually work on more than one company's hard drive. A bootable floppy, or CD/DVD image. It seems to me that each hard drive manufacturer has their own "low level format utility", but something that could be used industry wide would be great.
Ok, let's get one thing straight.
Low level formatting doesn't really exist anymore except in terminology only.
Low level formatting used to be when everything about the drive would get rewritten. ie the sector information would be re-traced on to the disk and the tracks would be re-defined to return the drive to factory defaults. This is why they never handed them out, and why they ruined the disk 50% of the time.
[EDIT]
**Note this is my experience with LLF..not what the rest of the world experienced.**
[/EDIT]
The low level formatting you are familiar with today is simply nothing more than a utility that writes 0's to the drive. They are called zero fill utilities. They typically exist in 2 flavors. One will do a quick fill, which means it wipes the partition information and the MBR. A full fill writes 0's to every sector on the disk, effectively blanking it.
You want to fill a disk with 0's and have it be independent of the disk? use linux.
dd if=/dev/zero of=/dev/<insert hard drive name here>. add /dev/random in there and have a blast! just start typing crap on the keyboard to feed it.
There are much better utilities to use that accomplish the same thing and they do a better job. For instance..symantec(norton) ghost has a utility called GDISK. gdisk can wipe a drive following DoD standard 5220.22-M, which is flushed and filled 7 times with 0's and then random characters. google that number and you can read it in detail.
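An added example, not part of the original post: the quick fill versus full fill distinction described above, followed by a verification pass that counts sectors still holding data. It works only on a scratch image file; the function names, the 64-sector size and the reduction of "quick fill" to zeroing sector 0 are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: works on a scratch image FILE only, never a real device.
SECTOR=512

# Build a constructed "disk": N sectors filled with the byte 'A'.
make_image() {   # $1 = path, $2 = number of sectors
    head -c $(( $2 * SECTOR )) /dev/zero | tr '\0' 'A' > "$1"
}

# Quick fill, simplified here to zeroing sector 0 (MBR + partition table).
# conv=notrunc keeps dd from truncating the image file after the write.
quick_fill() {
    dd if=/dev/zero of="$1" bs="$SECTOR" count=1 conv=notrunc 2>/dev/null
}

# Full fill: zeros written to every sector of the image.
full_fill() {
    sectors=$(( $(wc -c < "$1") / SECTOR ))
    dd if=/dev/zero of="$1" bs="$SECTOR" count="$sectors" conv=notrunc 2>/dev/null
}

# Verification pass: count sectors that still hold any non-zero byte.
nonzero_sectors() {
    total=$(( $(wc -c < "$1") / SECTOR ))
    i=0
    dirty=0
    while [ "$i" -lt "$total" ]; do
        n=$(( $(dd if="$1" bs="$SECTOR" skip="$i" count=1 2>/dev/null |
                tr -d '\0' | wc -c) ))
        if [ "$n" -gt 0 ]; then dirty=$(( dirty + 1 )); fi
        i=$(( i + 1 ))
    done
    echo "$dirty"
}

img=$(mktemp)
make_image "$img" 64
echo "fresh image:      $(nonzero_sectors "$img") of 64 sectors hold data"
quick_fill "$img"
echo "after quick fill: $(nonzero_sectors "$img") sectors still hold data"
full_fill "$img"
echo "after full fill:  $(nonzero_sectors "$img") sectors still hold data"
rm -f "$img"
```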
HogFly, great idea for a thread. Since I'm getting into the field of forensics for a career, I'd like to see more strategies used in the field, tools, tips/tricks, and job opportunities available. I'd also like to see what the job requires out of a forensics analyst and how one can better improve oneself for the job.
Peace.
/Edit:
IN response to secgod:
If you are trying to properly dispose of the floppy disks and the CD roms or any other portable media, which you are not planning on using again, a butane lighter, a shredder or a hammer or anything that you can think of to destroy it...can be quite effective. As for an industry wide tool, many hardware magnetic data erasers are available today. We used those to erase all the data from the HDDs at the Bank i worked for. Before we donated the computers (we were upgrading), we went through each HDD, and passed them through the magnet...as far as I noticed...it was pretty effective.
http://www.datarecovery.net/Case_Studies.asp
Quote:
Originally posted here by Cybr1d
/Edit:
IN response to secgod:
If you are trying to properly dispose of the floppy disks and the CD roms or any other portable media, which you are not planning on using again, a butane lighter, a shredder or a hammer or anything that you can think of to destroy it...can be quite effective. As for an industry wide tool, many hardware magnetic data erasers are available today. We used those to erase all the data from the HDDs at the Bank i worked for. Before we donated the computers (we were upgrading), we went through each HDD, and passed them through the magnet...as far as I noticed...it was pretty effective.
ph33r the electron microscope and the clean lab!!! Of course they probably got lucky with the burned hard drive and tapes...
magnets are fun, but hammers, screwdrivers across running platters, and shotguns are so much more entertaining. I forget who it was..but a friend of mine suggested you save all of your hard drives for disposal, then rent a steamroller :D
I saw one video of a guy that poured magnesium(or was it mercury..) in to his laptop and lit it. Now that was funny!
and the microwave works wonders on cd's..it melts the protective layer off in a little light show.
I don't have the time now to look for posts and threads, but how come you became a moderator (not that I'm against it, I'm just curious). I saw that you had the mod title in JP's suggestion thread and I didn't see any announcement etc...
well off to work
and oh...back to topic please....
I would like to see stupid threads closed :) Yeah yeah, i'll use the report button more often now !
He's the moderator of the forensics forum. Hence the post to find out what's wanted in the forensics forum.
I don't really have much to add to what's been said but I'm interested in the developments soon to come.
Oh, and here's the thread kind of announcing//welcoming him as a moderator. :P
http://www.antionline.com/showthread...hreadid=262202
Hogfly was made a moderator so he can "officially" tell you that:
1. You went off-topic.
2. The "back to topic please"-portion of your post is off-topic as well.
:D
Sweet tx man.....can't u see I'm not an addict yet lol, or did you do that on purpose just to make me mad :) anyways..tx...and ummm back to topic now, I won't disturb anymo'
Quote:
Oh, and here's the thread kind of announcing//welcoming him as a moderator. :P
http://www.antionline.com/showthrea...threadid=262202
I didn't think I was important enough to get an official thread saying that I was the moderator of this forum. And hey look, my "title" is even accurate now, so all you whining simpletons can stop your kvetching. Thanks for spamming a useful thread with crap.
The best thing a forensics forum can do is display actual case studies, (sanitized, obviously), and detail the methodology that was used. I think it's also _very_ important to make people understand that there are two "variants" of forensics, that of finding out what happened "regardless" of the method and those that found out what happened with the intent of prosecution. They are so different as to really be two different disciplines which needs to be made clear....
Good luck Hog.... I expect some good reading.... In between your regular work schedule... ;)
tiger: Yep, it's called incident response and forensics. That's the easiest way to define the 2 "variants"
Spoken like a true AO moderator?........modest, accurate, humble?
Quote:
so all you whining simpletons can stop your kvetching. Thanks for spamming a useful thread with crap.
Moderators moderate old chap, they do not "rise to the bait" :D
Hog:
Yeah, but how many people _get_ the difference?
Nihil:
ROFLMAO.... I was going to pos you but I can't.... Too funny.... and why I don't want a Mod position anywhere.... I can't slap the stupid ones....
Quote:
Moderators moderate old chap, they do not "rise to the bait"
ok considering I just got called stupid by pretty much the creator of this forum, I will do everyone a favor and stop posting to this board. And by scenario work up I meant discussions, but ok, I'm stupid. And since only closed discussions show up on the active threads by default when you first load AO, I guess I'm stupid for reading or replying to it, that's what the open security forums are for I guess. No hard feelings, how was defcon???
Hmmmm,
Spamdies:
Is that the reasoned, rational, helpful post to which you are alluding?
Quote:
Lesson #1 for stupid newbie: Bother to read what forum a thread is in before you post to it and make an ass out of yourself.
Only a wild guess on my part................. :)
But then I am my own man............If I sell something..............it is, and stays, sold......
I think that someone will understand and STFU?
my views
Greetings:
Quote:
Originally posted here by nihil
Is that the reasoned, rational, helpful post to which you are alluding?
Yes it was. And I was right, he is stupid. See:
Quote:
Originally posted here by spamdies
And since only closed discussions show up on the active threads by default when you first load AO, I guess I'm stupid for reading or replying to it, that's what the open security forums are for I guess. No hard feelings, how was defcon???
Yep.
Quote:
ok considering I just got called stupid by pretty much the creator of this forum, I will do everyone a favor and stop posting to this board. And by scenario work up I meant discussions, but ok, I'm stupid. And since only closed discussions show up on the active threads by default when you first load AO, I guess I'm stupid for reading or replying to it, that's what the open security forums are for I guess. No hard feelings, how was defcon???
:p
Quote:
Thanks for spamming a useful thread with crap.
Seeing how this thread has gone off topic:
JP, I don't even know you, but from the above post and other posts of yours lately, grow up, you sound like an 8 year old who has had his toys taken away. My son and daughter would never whine the way you have lately. I will give you credit though. You have taken whining to a new level. :rolleyes:
Quote:
Yes it was. And I was right, he is stupid. See:
ugh
If anyone has anything useful to say..PM it to me.