Security Sites

This resources page contains a list of 11 security sites.

Please note that MacForensicsLab is not necessarily affiliated with any of the sites listed below. Opinions and facts posted on these sites are the responsibility of the respective site owner. We have posted these links as a service to the forensics, eDiscovery, and law enforcement communities and receive no revenue for their placement.

MacForensicsLab.com recommended site - Help Net Security

Help Net Security (HNS) is an online portal that covers all the major information security happenings. The portal has been online since 1998 and caters to a large number of Information Technology readers specifically interested in computer security. Besides covering news from around the globe, HNS focuses on quality technical articles and papers, vulnerabilities, vendor advisories and the latest viruses and malware, and hosts the largest security software download area, with software for Windows, Linux, Mac OS X and Windows Mobile.

MacForensicsLab.com recommended site - The Honeynet Project

The Honeynet Project is a non-profit (501(c)(3)) volunteer research organization dedicated to learning the tools, tactics and motives involved in computer and network attacks, and to sharing the lessons learned.

MacForensicsLab Recommended Site - Security Focus

Security Focus – a good source of security information on the Internet.

Quoted from the Security Focus “about” page:

Since its inception in 1999, SecurityFocus has been a mainstay in the security community. From original news content to detailed technical papers and guest columnists, we’ve strived to be the community’s source for all things security related. SecurityFocus was formed with the idea that community needed a place to come together and share its collected wisdom and knowledge. At SecurityFocus, the community has always been our primary focus. The SecurityFocus website now focuses on a few key areas that are of greatest importance to the security community.

  • BugTraq is a high volume, full disclosure mailing list for the detailed discussion and announcement of computer security vulnerabilities. BugTraq serves as the cornerstone of the Internet-wide security community.
  • The SecurityFocus Vulnerability Database provides security professionals with the most up-to-date information on vulnerabilities for all platforms and services.
  • SecurityFocus Mailing Lists allow members of the security community from around the world to discuss all manner of security issues. There are currently 31 mailing lists; most are moderated to keep posts on-topic and to eliminate spam.

MacForensics.com Recommended Site - Forensic Science Communications

Forensic Science Communications (FSC) is a peer-reviewed forensic science journal published quarterly in January, April, July, and October by FBI Laboratory personnel. It is a means of communication between forensic scientists. Forensic Science Communications supersedes the Crime Laboratory Digest. Online access is free and archives date back to 1999.

Note
Forensic Science Communications premiered in April 1999 and ended in April 2010. These back issues have been archived and made available for your review.

MacForensics.com Recommended Site - Computer Security Institute

Computer Security Institute serves the needs of Information Security Professionals through membership, educational events, security surveys and awareness tools. Joining CSI provides you with high quality CSI publications, discounts on CSI conferences, access to on-line archives, career development, networking opportunities and more.

MacForensics.com Recommended Site - The CERT Program

The CERT Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. Following the Morris worm incident, which brought 10 percent of internet systems to a halt in November 1988, the Defense Advanced Research Projects Agency (DARPA) charged the SEI with setting up a center to coordinate communication among experts during security emergencies and to help prevent future incidents. This center was named the CERT Coordination Center (CERT/CC).

MacForensics.com Recommended Site - Securelist.com

Securelist.com (formerly Viruslist.com) – continually updated information about new viruses: their mechanisms of spreading and operation, with detailed analysis of virus algorithms.

MacForensics.com Recommended Site - Insecure.org

Insecure.org is an internet security site and the home of the popular Nmap network security scanner.

MacForensics.com Recommended Site - Security Tracker

SecurityTracker is a service that helps you keep track of the latest security vulnerabilities. It monitors a wide variety of Internet sources for reports of new vulnerabilities in Internet software and services, and provides its users with a timely and reliable source of vulnerability notifications.

MacForensics.com Recommended Site - Packet Storm

Packet Storm – an information and computer security full-disclosure website.

MacForensics.com Recommended Site - SecuriTeam

SecuriTeam is a group within Beyond Security dedicated to bringing you the latest news and utilities in computer security.

LinuxSecurity.com

LinuxSecurity.com was first launched in 1996 by a handful of Open Source enthusiasts and security experts who recognized a void in the availability of accurate and insightful news relating to open source security issues. Led by Dave Wreski, who currently serves as chief executive officer of Guardian Digital, this group has grown into a global network of collaborators who devote their time to gathering and publicizing the latest security news, advisories and reports relevant to the Linux community. Headquartered in Guardian Digital’s offices in Allendale, New Jersey, LinuxSecurity.com’s editorial and web development staff also creates feature articles, commentaries and surveys designed to keep readers informed of the latest Linux advancements and to promote the general growth of Linux around the world.

List of bulletin boards

Whether you are in search of opinions on a forensics related question, or want to share your experience with fellow investigators, here are a few bulletin boards you may want to consider.

MacForensics.com Recommended Site - Forensic Focus Forums

A bulletin board brought to you by the Forensic Focus website.

MacForensics.com Tips - Apple mailing list

A mailing list for government computer forensics professionals interested in learning and discussing how best to leverage Apple technology and various industry applications.

MacForensics.com Recommended Site - Computer Forensics World

A bulletin board brought to you by the Computer Forensics World website.

macOS related sites

This resources page contains a list of more technical Mac OS related sites. If you are interested in Mac-related technical information, tips and insights, you may want to start with the following list.

SecureMac.com

SecureMac was historically one of the best sites for information on Mac security topics. Definitely a recommended read.

Quoted from the SecureMac.com site:

Mac security is a more serious problem than most people think. It’s true that Macintosh computers have lower security risks than the average PC, but running security software for Macs is every bit as essential.
SecureMac has operated at the cutting edge of Apple security for over a decade. We produce some of the best security software for Mac computers on the market. And we’ve won the awards to prove it.
If you’re reading this right now, you’ve probably realized that securing your Mac against malware and privacy threats is important. If you want to keep your Mac secure, you’ve come to the right place.

MacUpdate

MacUpdate is an app/software download website that simplifies finding, buying and installing apps for your Macintosh computer.

MacUpdate.com is updated daily and currently carries more than 40,000 Macintosh applications for download.

MacForensicsLab for Mac OS X

Click here to visit a page on this site about MacForensicsLab for Mac OS X. The software is a complete forensics suite that is fully cross-platform and available on Mac OS X, Microsoft Windows and Linux.

This product is owned and produced by the owners of this website and the page you will be linking to is inside this website.

MacSurfer.com

MacSurfer.com is a news aggregator for Mac OS X news sites, and a handy place to find links to everything happening in the Mac world.

Stuffit Expander

In earlier days the Mac OS stored compressed files using a program called ‘StuffIt’; you may have seen these files around with a suffix of .sit or .sitx. Since OS X version 10.3, zip compression has been built in, but occasionally you will still see legacy files in this format.

The decompression tool is available as a free download and runs on the Mac and other platforms. You can download the expander by clicking here.

GraphicConverter

Perhaps the most powerful tool for working with graphic formats. This program can open almost every graphic format ever made, and is well known for its ability to handle “less than perfect” files. Try it for free and see the great features. We recommend this product to all Mac users.

Apple Product Specifications

An official and comprehensive list of specifications for all Apple products. Use this list to get details on past and present features for iPods, Mac computers, iPhones, and much more.

Apple Computer

An official source for security updates on Mac OS X. Users of Mac OS X can also get all their updates by selecting ‘Software update…’ from the Apple menu on the top left corner of the screen, or simply by waiting for the process to be performed automatically.

Quoted from the Apple site:

This document outlines security updates for Apple products. For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

MacFixIt of Cnet

MacFixIt, now part of CNET, provides the latest news, reviews of software and hardware products, and the latest workarounds and solutions to technical roadblocks and frustrating barriers.

MacInTouch

MacInTouch is an independent journal providing timely, reliable news, information and analysis about Apple Macintosh and iPhone/iOS platforms.

Mac OS X Hints

The Mac OS X Hints site gives handy tips and tricks for all things Apple.

Quoted from the Mac OS X Hints website:

I should first say that OS X public beta was my first real exposure to UNIX, and that’s probably one of the bigger reasons for this site — a good friend of mine is a UNIX wizard, and I’m sure he was getting tired of my calls! While trying to learn the system, I was getting somewhat frustrated at having to jump all over the web to find answers to OS X questions. There are some excellent sites out there (make sure you check out the links pages here), but none that seemed to focus specifically on providing how-to’s in a quick, easy-to-use format.

So in November of 2000, I launched macosxhints.com … and in the last five-plus, it has grown into a collection of thousands of hints regarding OS X and related applications, with multiple thousands of comments from experienced users providing even more information. It’s truly a one-stop-shop for OS X hints and how-to’s, and I’m amazed at just how intelligent and friendly the macosxhints community is!

Update: Mac OS X Hints is now a read-only site. There is still a wealth of great information there that many will find useful.

Forensics Related Sites

This resources page contains a list of Forensics related sites.

Advanced Forensics Format (AFF)

AFF (Advanced Forensics Format) is an open and extensible file format designed to store disk images and associated metadata. Using AFF, the user is not locked into a proprietary format that may limit how he or she may analyze it. An open standard enables investigators to quickly and efficiently use their preferred tools to solve crimes, gather intelligence, and resolve security incidents.

AFCEA International

AFCEA International is a non-profit membership association serving the military, government, industry, and academia as an ethical forum for advancing professional knowledge and relationships in the fields of communications, IT, intelligence, and global security.

The American Academy of Forensic Sciences

The American Academy of Forensic Sciences is a multi-disciplinary professional organization that provides leadership to advance science and its applications to the legal system. The objectives of the Academy are to promote education, foster research, improve practice, and encourage collaboration in the forensic sciences.

The American Board of Criminalistics

The American Board of Criminalistics is composed of regional and national organizations which represent forensic scientists. It is an organization that provides forensic certification in a number of different forensic fields. Its aims are to: establish professional levels of knowledge, skills and abilities; define a mechanism for achieving these levels; recognize those who have demonstrated attainment of these levels; and promote growth within the profession.

AntiChildPorn.Org

AntiChildPorn.Org (ACPO) is an organization, comprised of volunteers from all around the world, whose mission is to stop the sexual exploitation of the world’s children. For the past five years ACPO has been addressing the issues of Child Pornography production and distribution via the Internet, as well as the predatory use of the Internet for the sexual abuse of children.

Homepage has not been updated since 2006.

Association Of Sites Advocating Child Protection

Association Of Sites Advocating Child Protection – Founded in 1996, the Association of Sites Advocating Child Protection (ASACP) is a non-profit organization dedicated to eliminating child pornography from the Internet. ASACP battles child pornography through its CP reporting hotline, and by organizing the efforts of the online adult industry to combat the heinous crime of child sexual abuse. ASACP also works to help parents prevent children from viewing age-inappropriate material online.

Computer Forensics World

Computer Forensics World – A large database driven news site for the law enforcement, e-discovery, and digital forensics community.

Quoted from the Computer Forensics World website:

Computer Forensics World is a growing community of professionals involved in the digital forensics industry. It is an open resource, free for all to access and to use. It strongly encourages the sharing of information and peer to peer assistance.

To support this initiative, a range of interactive facilities are available, including surveys, forums and posting areas for information and papers. Please feel free to use all these features.

As with all user groups and communities, its success ultimately depends upon its members. Greater involvement by larger numbers will always create a more vibrant and useful experience.

Computer-Forensics.co.uk

Computer-Forensics.co.uk – The main users of Computer Forensics are law enforcement officers, as a large percentage of crimes in some way utilise digitally stored data. This data could be a phone call made on a mobile phone, (or cell phone), which could place an individual at the scene of a crime, (or of course away from it), accounts for illegal activities such as drug sales, images of pedophilia, human resource issues, hacking, email abuse, unauthorised data duplication, IP theft etc. Corporate organisations are utilising computer forensics more and more now as they often have to investigate incidents such as inappropriate computer use, inappropriate email use, unauthorised data duplication and disloyal employees. Human Resource departments and Internal Security are the biggest users of these specialist corporate services. Private individuals may also use these services. It may be the lover cheating on their partner, or inappropriate internet use by a family member.

COSPOL Internet Related Child Abusive Material Project

CIRCAMP is one of several COSPOL groups covering various crime areas, and has worked on other Action Plans since its initiation in 2004. COSPOL is an abbreviation for Comprehensive Operational Strategic Planning for the Police.

Cybercrime Summit

The Cybercrime Summit is a yearly computer forensics event held in Kennesaw, Georgia. Forensic professionals from all over the US attend this 5 day event.

The event has not been held since 2007.

Digital Forensics Research Conference

DFRWS (Digital Forensics Research Conference) is dedicated to the sharing of knowledge and ideas about digital forensics research. Ever since it organized the first open workshop devoted to digital forensics in 2001, DFRWS continues to bring academics and practitioners together in an informal environment. As a non-profit, volunteer organization, DFRWS sponsors annual conferences, technical working groups, and challenges to help drive the direction of research and development.

CCIPS

The Computer Crime and Intellectual Property Section (CCIPS) is responsible for implementing the Department of Justice’s national strategies in combating computer and intellectual property crimes worldwide.

The Computer Crime Initiative is a comprehensive program designed to combat electronic penetrations, data thefts, and cyberattacks on critical information systems. CCIPS prevents, investigates, and prosecutes computer crimes by working with other government agencies, the private sector, academic institutions, and foreign counterparts. Section attorneys work to improve the domestic and international infrastructure (legal, technological, and operational) to pursue network criminals most effectively.

The Section’s enforcement responsibilities against intellectual property crimes are similarly multi-faceted. Intellectual Property (IP) has become one of the principal U.S. economic engines, and the nation is a target of choice for thieves of material protected by copyright, trademark, or trade-secret designation. In pursuing all these goals, CCIPS attorneys regularly run complex investigations, resolve unique legal and investigative issues raised by emerging computer and telecommunications technologies; litigate cases; provide litigation support to other prosecutors; train federal, state, and local law enforcement personnel; comment on and propose legislation; and initiate and participate in international efforts to combat computer and intellectual property crime.

Expert Witness Network

Expert Witness Network – The mission of the Expert Witness Network is to link attorneys and expert witnesses via the World Wide Web by using online technology to reduce the time and costs associated with locating the best expert for a case.

Federal Bureau Of Investigation

The FBI is the principal investigative arm of the United States Department of Justice. It has the authority and responsibility to investigate specific crimes assigned to it. The FBI also is authorized to provide other law enforcement agencies with cooperative services, such as fingerprint identification, laboratory examinations, and police training.

Forensic Focus

Forensic Focus is a forensic community with over thirty thousand members. It provides digital forensics and eDiscovery professionals with forums, an email discussion list, and a newsletter.

Forensics Wiki

Forensics Wiki – a Creative Commons-licensed wiki devoted to information about digital forensics.

Forum for Incident Response and Security Teams

FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.

HTCIA High Technology Crime Investigation Association

The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge about methods, processes, and techniques relating to investigations and security in advanced technologies among its membership.

International Journal of Digital Evidence

International Journal of Digital Evidence (IJDE) is a forum for discussion of theory, research, policy, and practice in the rapidly changing field of digital evidence.

MacForensicsLab for Mac OS X

Click here to visit a page on this site about MacForensicsLab for Mac OS X. The software is a complete forensics suite that is fully cross-platform and available on Mac OS X, Microsoft Windows and Linux.

This product is owned and produced by the owners of this website and the page you will be linking to is inside this website.

National Forensic Science Technology Center

The National Forensic Science Technology Center is a not-for-profit corporation funded by a Cooperative Agreement with the National Institute of Justice (NIJ) and provides programs that build individual competency and quality systems for the forensic science community in the United States.

National Institute Of Justice

National Institute Of Justice – NIJ is the research, development, and evaluation agency of the U.S. Department of Justice and is dedicated to researching crime control and justice issues. NIJ provides objective, independent, evidence-based knowledge and tools to meet the challenges of crime and justice, particularly at the State and local levels. NIJ’s principal authorities are derived from the Omnibus Crime Control and Safe Streets Act of 1968, as amended (see 42 USC 3721-3723) and Title II of the Homeland Security Act of 2002.

National Institute of Justice

Part of the National Institute of Justice’s (NIJ’s) Office of Science and Technology, the National Law Enforcement and Corrections Technology Center (NLECTC) system serves as an "honest broker" offering support, research findings, and technological expertise to help State and local law enforcement, corrections, and other criminal justice personnel perform their duties more safely and efficiently.

National Institute Of Standards and Technology

National Institute Of Standards and Technology (NIST) – The Computer Forensics Tools Verification project provides a measure of assurance that the tools used in the investigation of computer-related crimes produce valid results. It also supports other projects in the National Institute of Justice’s overall computer forensics research program, such as the National Software Reference Library (NSRL).

The National Security Agency

The National Security Agency/Central Security Service is America’s cryptologic organization. It coordinates, directs, and performs highly specialized activities to protect U.S. government information systems and produce foreign signals intelligence information. A high technology organization, NSA is on the frontiers of communications and data processing. It is also one of the most important centers of foreign language analysis and research within the government.

Officer.com

Officer.com provides today’s law enforcement officer with up to date news, information, and resources to help them do their job.

Open Source Digital Forensics

The Open Source Digital Forensics site is a reference for the use of open source software in digital investigations (a.k.a. digital forensics, computer forensics, incident response). Open source tools may have a legal benefit over closed source tools because they have a documented procedure and allow the investigator to verify that a tool does what it claims.

Reddy's Forensic Page

Reddy’s Forensic Page is run by a retired forensic scientist from the Police Laboratory of the New York City Police Department. He spent 36 years in the forensics field, and his site is a large collection of forensics material and links.

Regional Computer Forensics Laboratory

Regional Computer Forensics Laboratory – The RCFL is a one-stop, full service forensics laboratory and training center devoted entirely to the examination of digital evidence in support of criminal investigations, such as (but not limited to):

  • Terrorism
  • Child pornography
  • Crimes of violence
  • The theft or destruction of intellectual property
  • Internet crimes
  • Fraud

Royal Canadian Mounted Police Technical Security Branch

Royal Canadian Mounted Police Technical Security Branch – The Technical Security Branch (TSB) is part of the RCMP’s Technical Operations and is dedicated to providing the Canadian federal government with a full range of professional physical and IT security services.

SWGDE

The Scientific Working Group on Digital Evidence (SWGDE) brings together organizations actively engaged in the field of digital and multimedia evidence to foster communication and cooperation as well as ensuring quality and consistency within the forensic community.

The Computer Crime Research Center

The Computer Crime Research Center was created in 2001 to conduct research into the legal, criminal and criminological problems of cybercrime, with the purpose of rendering scientific and methodological aid and consulting. They accumulate experience and analyse the results of scientific and practical research in counteracting and preventing computer crimes.

The Computer Forensics Tool Testing project

The Computer Forensics Tool Testing (CFTT) project provides a measure of assurance that the tools used in computer forensics investigations produce accurate results. The CFTT develops specifications and test methods for computer forensics tools and then tests tools to those specifications. The results help toolmakers improve the tools, users make informed choices about acquiring and using computer forensics tools, and the legal community and others to understand the tools’ capabilities. This approach for testing computer forensic tools is based on well recognized methodologies for conformance testing and quality testing.

The Electronic Discovery Reference Model

EDRM, now a part of the Duke Law Center for Judicial Studies, creates practical resources to improve e-discovery and information governance. Since 2005 EDRM has delivered leadership, standards, best practices, tools, guides and test data sets to improve electronic discovery and information governance. Member individuals, law firms, corporations and government organizations actively contribute to the direction of EDRM.

The National Center for Forensic Science

The National Center for Forensic Science provides research, education, training, tools and technology to meet the current and future needs of the forensic science, investigative and criminal justice communities. The NCFS is a program of the National Institute of Justice hosted by the University of Central Florida.

The National Museum of Crime & Punishment

The National Museum of Crime & Punishment is located in Washington, D.C. The museum displays excellent depictions of historically famous crime scenes along with detailed information concerning national crime and punishment.

Forensics professionals are invited to join the forensic blog.

The Virtual Global Taskforce

The Virtual Global Taskforce (VGT) is made up of police forces from around the world working together to fight online child abuse.

Windows Related Sites

This resources page contains a list of Windows centric security and forensics related sites.

Access Data

AccessData is the producer of Forensic Toolkit (FTK) as well as other tools for the Microsoft Windows platform.

Quoted from the AccessData website:

AccessData Group has pioneered digital forensics and litigation support for more than twenty years. Over that time, the company has grown to provide both stand-alone and enterprise-class solutions that can synergistically work together to enable both criminal and civil E-Discovery of any kind, including digital investigations, computer forensics, legal review, compliance, auditing and information assurance. More than 130,000 customers in law enforcement, government agencies, corporations and law firms around the world rely on AccessData software solutions, and its premier digital investigations products and services. AccessData Group is also a leading provider of digital forensics training and certification, with our much sought after AccessData Certified Examiner® (ACE®) and Mobile Phone Examiner Certification AME programs.

MacForensics.com Recommended Site - Guidance Software

Guidance Software is the producer of EnCase – a venerable forensics tool for the Microsoft Windows platform.

Quoted from the EnCase website:

At Guidance, we exist to turn chaos and the unknown into order and the known–so that companies and their customers can go about their daily lives as usual without worry or disruption, knowing their most valuable information is safe and secure.

Makers of EnCase®, the gold standard in digital investigations and endpoint data security, Guidance provides a mission-critical foundation of applications that have been deployed on an estimated 33 million endpoints and work in concert with other leading enterprise technologies from companies such as Cisco, Intel, Box, Dropbox, Blue Coat Systems, and LogRhythm.

Our field-tested and court-proven solutions are used with confidence by 78 of the Fortune 100 and hundreds of agencies worldwide.

MacForensics.com Recommended Site - Information Week

Information Week Security provides the latest updates on security news from around the web.

Microsoft Security Central

Microsoft Security Central contains information on the latest security updates for all Microsoft products.

Windows IT Pro

WindowsITPro is the leading independent, impartial source of practical, technical information to help IT professionals better understand and manage the Windows and Server enterprise. Each month, they help millions of IT professionals overcome the same issues you struggle with every day.

WindowsSecurity.com

WindowSecurity.com contains the latest Windows security articles and tutorials on the following topics:

  • Authentication, Access Control & Encryption
  • Cloud Computing
  • Content Security (Email & FTP)
  • Firewalls & VPNs
  • Intrusion Detection
  • Misc Network Security
  • Mobile Device Security
  • Viruses, trojans and other malware
  • Web Application Security
  • Web Server Security
  • Windows 10 Security
  • Windows 2003 Security
  • Windows Networking
  • Windows OS Security
  • Windows Server 2008 Security
  • Windows Server 2012 Security
  • Windows Server 2016 Security
  • Wireless Security

Posted on

Linux Related Sites

This resources page contains a list of many authoritative Linux related sites and tools.

Please note that MacForensicsLab is not necessarily affiliated with any of the sites listed below. Opinions and facts posted on these sites are the responsibility of the respective site owner. We have posted these links as a service to the forensics, eDiscovery, and law enforcement communities and receive no revenue for their placement.

The Sleuth Kit

The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that allow you to investigate a computer. The tools currently focus on file systems and volume systems; TSK supports the FAT, Ext2/3, NTFS, UFS, and ISO 9660 file systems.

The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file and volume system forensic analysis tools. The file system tools allow you to examine file systems of a suspect computer in a non-intrusive fashion. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown.

The volume system (media management) tools allow you to examine the layout of disks and other media. The Sleuth Kit supports DOS partitions, BSD partitions (disk labels), Mac partitions, Sun slices (Volume Table of Contents), and GPT disks. With these tools, you can identify where partitions are located and extract them so that they can be analyzed with file system analysis tools.

When performing a complete analysis of a system, we all know that command line tools can become tedious. The Autopsy Forensic Browser is a graphical interface to the tools in The Sleuth Kit, which allows you to more easily conduct an investigation. Autopsy provides case management, image integrity, keyword searching, and other automated operations.


ASR Data

ASR Data has been recognized as a leading authority in the field of computer investigations by the United States Department of Justice.

Quoted from the ASR website

In 1984, ASR Data began providing custom software solutions to companies that needed vertical market software tailored to their specific requirements.

In 1992, ASR Data was asked to develop a software tool and methodology to support the unique requirements of the law enforcement community. At that time, conducting a computer investigation was a tedious, time consuming process which required the use of several single-purpose DOS command line utilities. Investigators were forced to image original media to tape or a disk, then restore the image to another disk. Searching the evidence was limited to one search term at a time and recovering deleted files was accomplished by using off-the-shelf software which was never designed to support the forensic process. Often times, the process changed data and analysts had to restore the image several times.

We sat down with leading authorities from the legal and law enforcement communities and took a close look at the forensic process and what was needed. One of the greatest challenges was the fact that there was no precedent for what we were trying to create. Nobody had done it before, there was no pattern to follow, no giants' shoulders to stand on and no failures to learn from. As it turns out, this was also the greatest factor which enabled us to innovate and create something completely new.


LinuxSecurity.com

LinuxSecurity.com was first launched in 1996 by a handful of Open Source enthusiasts and security experts who recognized a void in the availability of accurate and insightful news relating to open source security issues. Led by Dave Wreski, who currently serves as chief executive officer of Guardian Digital, this group has grown into a global network of collaborators who devote their time to gathering and publicizing the latest security news, advisories and reports relevant to the Linux community. Headquartered in Guardian Digital’s offices in Allendale, New Jersey, LinuxSecurity.com’s editorial and web development staff also creates feature articles, commentaries and surveys designed to keep readers informed of the latest Linux advancements and to promote the general growth of Linux around the world.

The Coroner's Toolkit

The Coroner's Toolkit (TCT) is a collection of programs by Dan Farmer and Wietse Venema for post-mortem analysis of a UNIX system after a break-in. The software was first presented in a Computer Forensics Analysis class in August 1999.

According to the site, development of the Coroner's Toolkit stopped years ago. It is updated only for bug fixes, which are very rare, and when Wietse discovers that the programs no longer work on a new machine. Users of The Coroner's Toolkit are encouraged to use Brian Carrier's Sleuth Kit, the official successor of TCT.


Linux.org

Linux.org – Their main goal is to inform the public about every company, project and group that uses the Linux operating system and to report on the hard work of countless developers, programmers and individuals who strive every day to improve on the Linux offerings in the marketplace.

Linux Journal

Linux Journal – Their mission is to serve the Linux community and to promote the use of Linux worldwide. As more and more people see Linux as a viable alternative to traditional OSes, Linux is increasingly being used as a primary operating system. Linux Journal focuses specifically on Linux and other open-source OSes, allowing the content to be a highly specialized source of information for open-source enthusiasts.

Linux.com

Linux.com is always evolving. Their goal is to give you all of the resources and information you need to make your experience with Linux a success.

Security-Enhanced Linux

Security-Enhanced Linux – As part of its Information Assurance mission, the National Security Agency has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. Recognizing the critical role of operating system security mechanisms in supporting security at higher levels, researchers from NSA’s Information Assurance Research Group have been investigating an architecture that can provide the necessary security functionality in a manner that can meet the security needs of a wide range of computing environments.

Posted on

General Forensics Tips

Recognizing Potential Evidence

The following was taken from the United States Secret Service's Best Practices For Seizing Electronic Evidence. We highly recommend you read the entire article located here, as it contains a lot of good information regarding electronic evidence.

Recognizing Potential Evidence

Computers and digital media are increasingly involved in unlawful activities. The computer may be contraband, fruits of the crime, a tool of the offense, or a storage container holding evidence of the offense. Investigation of any criminal activity may produce electronic evidence. Computers and related evidence range from the mainframe computer to the pocket-sized personal data assistant to the floppy diskette, CD or the smallest electronic chip device. Images, audio, text and other data on these media are easily altered or destroyed. It is imperative that law enforcement officers recognize, protect, seize and search such devices in accordance with applicable statutes, policies and best practices and guidelines.

Answers to the following questions will better determine the role of the computer in the crime:

  • Is the computer contraband or fruits of a crime?
    For example, was the computer software or hardware stolen?

  • Is the computer system a tool of the offense?
    For example, was the system actively used by the defendant to commit the offense? Were fake IDs or other counterfeit documents prepared using the computer, scanner, and color printer?

  • Is the computer system only incidental to the offense, i.e., being used to store evidence of the offense?
    For example, is a drug dealer maintaining his trafficking records in his computer?

  • Is the computer system both instrumental to the offense and a storage device for evidence?
    For example, did the computer hacker use her computer to attack other systems and also use it to store stolen credit card information?

Once the computer’s role is understood, the following essential questions should be answered:

  • Is there probable cause to seize hardware?
  • Is there probable cause to seize software?
  • Is there probable cause to seize data?
  • Where will this search be conducted?
    • For example, is it practical to search the computer system on site or must the examination be conducted at a field office or lab?
    • If law enforcement officers remove the system from the premises to conduct the search, must they return the computer system, or copies of the seized data, to its owner/user before trial?
    • Considering the incredible storage capacities of computers, how will experts search this data in an efficient, timely manner?

Source: US Secret Service

Posted on

Hardware Take Apart Guide

Over the years, MacForensicsLab.com has had many chances to tinker with various Mac hardware. We have included some of our support crew's experience below. However, ever since we stumbled on the iFixit web site, we believe there is no more reason for us to reinvent the wheel. We have been recommending that customers visit the iFixit site for step-by-step instructions on opening up Macs and accessing the disk drives (HDDs or SSDs). If your job includes accessing the data in a forensic manner, we strongly recommend visiting iFixit at https://www.ifixit.com/ when the need arises.


Removing a Mac Hard Drive

With the smaller and more compact design of computers these days, it's becoming increasingly difficult to take them apart to get access to the hard drive for forensic acquisition and examination. Should you choose to take the Mac apart to access the hard drive for forensic investigation, Apple has created service manuals that outline the procedures necessary to remove the hard drive from Apple computers. Mac laptops are especially difficult to take apart because of their compact size and the placement of the drive. A much easier option than taking the Mac apart is to use Target Disk Mode, which presents the suspect Mac as a FireWire device so that it can be acquired without removing the hard drive. You can find information on acquiring via Target Disk Mode here on the MacForensicsLab.com web site. Make sure you disable Disk Arbitration using MacForensicsLab before connecting a suspect drive in Target Disk Mode, so that the examination machine does not write to the device.

Apple Service Manuals for many Macs can be found at this site.

Take apart guides for Apple PowerBooks and MacBooks with full color photos can be found here at PowerBookMedic.com

Take apart guides with full color photos for PowerBooks and iPods can be found here at iFixIt.com


MacBook Air Take Apart Guide

Apple's MacBook Air is a small, lightweight laptop for users on the go. It packs lots of features into a small package, which means that all the components are tightly squeezed into the case. Taking it apart can be difficult, but pictures can be helpful should you choose to venture inside. You can find a detailed take apart of the MacBook Air with lots of pictures here.


Mac mini Take Apart Guide

The Mac mini is a small, low cost Mac that offers a lot of features in a small package. It's a nice entry level machine for new and old Mac users. The low price along with its rich feature set make it an ideal machine for general users.

Although a forensic examiner can connect the Mac mini to a forensic workstation via Target Disk Mode and use software write blocking, the ideal way to image and examine the suspect drive is to remove the hard drive and connect it through a hardware write blocker. Because of the Mac mini's small size, the internal components are tightly packed inside.

To remove the hard drive you will need a small computer screwdriver (Phillips head) and a thin 1.5 inch putty knife. You may want to sharpen the edge with some fine grit sandpaper first to make it easier to slide into the Mac mini case.

Instructions:

Place the Mac mini upside down on a cloth or towel.

Slide your putty knife in the seam of the Mac mini as shown. Pull back on the putty knife until the white plastic pops up. Do the same on the other side.

Pull the main unit up and out of the case.

To remove the wireless antenna, gently squeeze together the two tabs under it. You may want to hold the antenna down a bit, as there is a spring below it and the spring may shoot off.

Remove the screws in all four corners of the CD/DVD drive.

Lift the CD/DVD unit and hard drive from the motherboard below. Be careful as the hard drive is still attached to the motherboard via a thin ribbon cable and the Airport antenna is still connected too.

Remove the 2 screws on each side of the hard drive. Then slide the drive out.

You can now connect the 2.5″ SATA drive (IDE in the older Mac mini G4 models) to a hardware write blocker to make a forensically sound acquisition of the suspect drive.