[Novalug] Computer Forensics

Matt Ahrens matt.ahrens@gmail.com
Mon May 17 11:25:11 EDT 2010


There was a pretty impressive Forensics talk given at NoVALUG maybe 2-3
years ago, while I can't remember who gave the talk, I can remember that
someone video taped it and posted it up on the NoVALUG site.  I couldn't get
to the NoVALUG site, maybe someone has the video or an archived version of
the site, it would be a nice, technical forensic overview.

Thanks,
Matt

On Mon, May 17, 2010 at 11:05 AM, The Doctor <drwho@virtadpt.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Andy Tornquist wrote:
>
> > sites or books? Has anyone have experience with the sleuth kit or
> autopsy?
>
> I've used Autopsy a little bit.  I strongly recommend going to Goodwill
> or something, buying a couple of old hard drives, and experimenting on
> them with Autopsy.  It takes some getting used to but to really become
> proficient with it takes practice when the heat's off.
>
> I also recommend experimenting with recoverjpeg
> (http://www.rfc1149.net/devel/recoverjpeg) and testdisk
> (http://www.cgsecurity.org/wiki/TestDisk).  They're more specialized but
> handy to know about and good for getting a feel for "how things are
> supposed to go."
>
> - --
>
> The Doctor [412/724/301/703]
>
> PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
> WWW: http://drwho.virtadpt.net/
>
> If you're racing through life, you're racing to the end.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkvxW0QACgkQO9j/K4B7F8GaJACeLjY5vfXLF3hUU7GL0BDWWxYM
> 6SIAoJ8anlPBj5Qrdw/rM13YX1pz/6nt
> =cf46
> -----END PGP SIGNATURE-----
> _______________________________________________
> Novalug mailing list
> Novalug@calypso.tux.org
> http://calypso.tux.org/mailman/listinfo/novalug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.firemountain.net/pipermail/novalug/attachments/20100517/74ca198c/attachment.htm>


More information about the Novalug mailing list