Investigating Windows systems with Linux
With the addition of a couple of extra packages, the Windows world is wide open to an investigator running Linux. If you need more of this good thing, take a look at the free forensic tools by Foundstone . These tools give investigators the ability to restore cookies, long-gone entries from the Windows trash can, and many other things.
Experienced Linux users might find the shell approach refreshing, but some users will prefer to avoid the complex command-line syntax. The learning curve for Linux newcomers will likely be steeper for open source tools compared with more expensive commercial products. The winner in the usability stakes has to be the fully automated Ophcrack Live CD, which removes the need for users to type pesky shell commands and displays the local user's Windows passwords shortly after booting.
When we tested this on an XP system (SP2), the CD took just 280 seconds to discover the credentials of the five user accounts (which included up to 14 characters; see Figure 5). The live Linux version on the CD includes just the tables for alphanumeric passwords without non-standard characters. If you want more, you will have to invest in the commercial Rainbow Tables.
- Guidance Software: http://www.guidancesoftware.com
- X-Ways: http://www.x-ways.net/corporate/index-m.html
- Ewfacquire: https://www.uitwisselplatform.nl/projects/libewf
- Helix: http://www.e-fense.com/helix
- Endianness: http://en.wikipedia.org/wiki/Endianness
- The Sleuth Kit: http://sleuthkit.org
- Wikipedia on file slack: http://en.wikipedia.org/wiki/File-Slack
- bmap: http://www.packetstormsecurity.org/linux/security/bmap-1.0.17.tar.gz
- File slack analysis on Linux: http://www.woerter.at/dud/stuff/fileslack.pdf
- Pasco download: http://downloads.sourceforge.net/odessa/pasco_20040505_1.tar.gz?modtime=1083715200&big_mirror=0
- Mork.pl: http://www.jwz.org/hacks/mork.pl
- Dumphive: http://v4.guadalinex.org/guadalinex-toro/pool/main/d/dumphive/dumphive_0.0.3-1_i386.deb
- Ophcrack and Ophcrack Live CD: http://ophcrack.sourceforge.net
- Foundstone Forensic Tools: http://www.foundstone.com/us/resources-free-tools.asp
Buy this article as PDF
Klaus Knopper announces the latest version of his iconic Live Linux system.
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.
Should you trust an online service to store your online passwords?
New B+ board lets you build cool things without the complication of a powered USB hub.
Redmond rushes in to root out alleged malware haven.
New initiative will bring futuristic virtual reality effects to the web surfing experience.
Dyreza malware launches a man-in-the-middle attack that compromises SSL.
New cloud combines worldwide access with local attention to data security.