Investigating Windows systems with Linux
With the addition of a couple of extra packages, the Windows world is wide open to an investigator running Linux. If you need more of this good thing, take a look at the free forensic tools by Foundstone . These tools give investigators the ability to restore cookies, long-gone entries from the Windows trash can, and many other things.
Experienced Linux users might find the shell approach refreshing, but some users will prefer to avoid the complex command-line syntax. The learning curve for Linux newcomers will likely be steeper for open source tools compared with more expensive commercial products. The winner in the usability stakes has to be the fully automated Ophcrack Live CD, which removes the need for users to type pesky shell commands and displays the local user's Windows passwords shortly after booting.
When we tested this on an XP system (SP2), the CD took just 280 seconds to discover the credentials of the five user accounts (which included up to 14 characters; see Figure 5). The live Linux version on the CD includes just the tables for alphanumeric passwords without non-standard characters. If you want more, you will have to invest in the commercial Rainbow Tables.
- Guidance Software: http://www.guidancesoftware.com
- X-Ways: http://www.x-ways.net/corporate/index-m.html
- Ewfacquire: https://www.uitwisselplatform.nl/projects/libewf
- Helix: http://www.e-fense.com/helix
- Endianness: http://en.wikipedia.org/wiki/Endianness
- The Sleuth Kit: http://sleuthkit.org
- Wikipedia on file slack: http://en.wikipedia.org/wiki/File-Slack
- bmap: http://www.packetstormsecurity.org/linux/security/bmap-1.0.17.tar.gz
- File slack analysis on Linux: http://www.woerter.at/dud/stuff/fileslack.pdf
- Pasco download: http://downloads.sourceforge.net/odessa/pasco_20040505_1.tar.gz?modtime=1083715200&big_mirror=0
- Mork.pl: http://www.jwz.org/hacks/mork.pl
- Dumphive: http://v4.guadalinex.org/guadalinex-toro/pool/main/d/dumphive/dumphive_0.0.3-1_i386.deb
- Ophcrack and Ophcrack Live CD: http://ophcrack.sourceforge.net
- Foundstone Forensic Tools: http://www.foundstone.com/us/resources-free-tools.asp
The Raspberry Pi Foundation has announced an even smaller version of the tiny computer that will fit into a DIMM slot.
A new class of problems lets a malicious app pre-configure an invisible privilege update.
New Hack language adds static typing and other conveniences.
New crypto policy system will offer easier configuration and more uniform security.
Ubuntu founder denounces insecurity in proprietary, close-source software blobs.
Vulnerability affects many Linux web servers
The Bavarian capital shuns Microsoft, Google, and other alternatives to implement an open source groupware solution.
Phone vendor partnerships bring Mark Shuttleworth's dream of Ubuntu on a phone a step closer to reality.
Donors will get to vote on new features for the free video editor.
Debian project puts init out to pasture and says no to Ubuntu's Upstart.