Exploring the Open Computer Forensics Architecture

Mass Processing

The complex and time-consuming OCFA installation is worthwhile in environments that support large and complex forensic analysis projects – and in cases in which the forensic and investigative tasks are easily separated. Note, however, that the sparse OCFA GUIs do not offer the convenience of other forensic tools.

The Author

Ralf Spenneberg works as a freelance Unix/Linux trainer, consultant, and author. He has published several books on the subject of intrusion detection, firewalling, and virtual private networks. His latest book "SELinux & AppArmor" was published recently.

Read full article as PDF:

040-041_ocfa.pdf  (244.41 kB)

Related content

  • Recovering Deleted Files

    Modern filesystems make forensic file recovery much more difficult. Tools like Foremost and Scalpel identify data structures and carve files from a hard disk image.

  • Tracing Intruders Intro

    You don't need expensive proprietary tools to practice the craft of computer forensics.

  • Caine

    Caine is a Linux distribution based on Ubuntu 10.04 for forensic scientists and security-conscious administrators. Poised to do battle against IT ne’er-do-wells, Caine has a comprehensive selection of software, a user-friendly GUI, and responsive support.

  • Memory Analysis

    In computer forensics, memory analysis is becoming increasingly important as a means for investigating security incidents. In this article, we provide an overview of the various memory dumping options on Linux and introduce the support in Linux for the Volatility Analysis Framework.

  • BackTrack and Sleuth Kit

    Once you determine a system has been attacked, boot to the BackTrack Live forensics distro and start your investigation with Sleuth Kit.

comments powered by Disqus

Direct Download

Read full article as PDF:

040-041_ocfa.pdf  (244.41 kB)

News