Don't Miss DEFT: v5X Review
Almost two months have passed since Stefano Fratepietro released the ‘100% Italian’ forensics distribution, DEFT Linux v5X. With development support from the Italian Information System Forensics Association, this 660MB+ Xubuntu-based distribution is one not to miss.
Pitfalls of mounting file systems - Suhanov Maxim [PDF]
This short paper identifies the requirements a forensic Linux distribution must meet in its boot-time file-system handling. Maxim identifies a couple of issues with boot loaders and initialisation scripts and compares the leading distributions for their susceptibility to them.
FreeBSD: 101... and a bit
In the last post of this three-parter, we installed FreeBSD onto either a physical or a virtual computer. Now we need to apply some basic configuration to adjust permissions, choose a graphical log-in manager and start the desktop. Don’t worry, though: it’s very straightforward!
CAINE 1.5 - "Shining" Example of Conscious Development?
Four weeks ago I reviewed CAINE v1.0, the first full release of the Italian computer forensics LiveCD. It took the development team a mere six weeks to release version 1.5; how much of an improvement is this edition? How far can one distribution go in such a short time?
Computer Forensic Analysis in a Virtual Environment -- Bem & Huebner, IJDE [PDF]
Discusses the use of virtualisation to facilitate analysis of imaged suspect storage. While the virtualised environment differs greatly from a real-world set-up, this method can prove powerful for live file analysis and/or re-creating the basics of the system.
One Step to Admiration and Appreciation
So often doing something is simply not enough. You need to show what has been achieved, talk about it, point out how other people can use it, build upon it. Most importantly of all, though: write about it.
CAINE v1.0 Released & Reviewed
It may be said that Linux distributions are like buses: we can wait at the roadside and see many interesting things go by, yet when we are waiting for our favourite to come around the corner it seems an age and we worry we’ve missed it; then, as the old adage goes, several turn up at once. That is never more true than now: Ubuntu has just had a new release, Fedora is currently in beta awaiting its finishing touches and, our feature presentation, CAINE has just turned the big one-point-zero.
FreeBSD: 101
The majority of content here focusses on the GNU/Linux operating system because it is freely available to obtain, install and use. An alternative lies in its perhaps lesser-used cousins, the BSD family. While slightly more technical, they are an equally ultra-reliable bunch. If Linux isn’t quite your thing, you may wish to use FreeBSD instead. It’s a good idea to at least acknowledge that these alternatives exist, so I’ve put together a quick How-To guide to get you started with FreeBSD. I do so using virtualisation in Sun’s VirtualBox software, but it makes no difference to the end result.
I aim to provide a guide that gets FreeBSD up and running more quickly than following the FreeBSD Handbook, an excellent resource should you get stuck. These posts are for those coming from Linux, so they assume a decent knowledge of Linux and that you’re not afraid to learn! This post runs through the installation routine; later posts apply some important post-installation configuration to give a solid base system. (We do not, however, discuss any troubleshooting.) An outline of the OS will follow, but there’s only one real way to find out, right?
Harden a Linux Kernel
At the core of any operating system is its kernel, the basic software that manages system resources and through which all interaction between applications and hardware passes. As this software sits at the lowest level, it is a prime target for exploitation.
This disadvantage can be turned around, however: introducing or improving security measures at this level makes the kernel an effective barrier for all the layers above it. Many projects exist to do so:
- Security-Enhanced Linux from the NSA is built into common desktop Linux systems. Gaining popularity through the Fedora Project, SELinux is available for Linux, FreeBSD, OpenSolaris and Darwin (Mac OS).
- The Linux Intrusion Detection System (LIDS) is a patch applied on top of the Linux kernel and provides security through rule-based access control. It suppresses the all-access power of the super-user (root), so that only limited damage can be done to the system even with root privileges. It also protects itself through a strong password authentication mechanism.
- RSBAC has been implemented in the Linux kernel since 2000 and provides access control, similar to LIDS, along with other goodies.
- Finally (though I suspect many more exist), grsecurity is aimed at web servers and other systems that accept remote connections. Emphasis is placed on buffer overflows and other low-level vulnerabilities.
Excellent Trick on JPG Images. An Image That Contains Images | Jeez Tech
An interesting tutorial on creating a single file that is both a valid JPEG image and a valid ZIP archive.
- Don't Miss DEFT: v5X Review
- Pitfalls of mounting file systems - Suhanov Maxim [PDF]
- FreeBSD: 101... and a bit
- CAINE 1.5 - "Shining" Example of Conscious Development?
- Computer Forensic Analysis in a Virtual Environment -- Bem & Huebner, IJDE [PDF]
- One Step to Admiration and Appreciation
- CAINE v1.0 Released & Reviewed
- FreeBSD: 101
- Harden a Linux Kernel
- Excellent Trick on JPG Images. An Image That Contains Images | Jeez Tech