Spotlight | Reviews | Current Issue | Academy | Newsletter | Subscribe | Shop |
News
Features
Blogs
RSS Feeds
White Papers
Conference Videos
Departments
Current Issue
Special Editions
Spotlight
Reviews
Event Calendar
Archives
     2012
     2011
     2010
     2009
     2008
     2007
     2006
     2005
Article Code

Partner Links
Make your own website
WinWeb OnlineOffice
Comparing prices of hardware is worth it.
Price Comparison
What:
Where:
Country:
vacatures Netherlands njobs Linux vacatures
arbeit Deutschland njobs Linux arbeit
work United Kingdom njobs Linux jobs
Lavoro Italia njobs Linux lavoro
Emploi France njobs Linux emploi
trabajo Espana njobs Linux trabajo

user friendly

Admin Magazine

ADMIN Network & Security

Subscribe now and save!

 ADMIN - Explore the new world of system administration! ADMIN is a smart, technical magazine for IT pros on heterogeneous networks. Each issue delivers technical solutions to the real-world problems you face every day. Learn the latest techniques for better:

  • network security
  • system management
  • troubleshooting
  • performance tuning
  • virtualization
  • cloud computing

 on Windows, Linux, Solaris, and popular varieties of Unix.

http://www.admin-magazine.com/

  linux-magazine.com » Issues » 2008 » 93 » Investigating Windows Systems  

Print this page. Recommend
Share

Comparatively Simple

With the addition of a couple of extra packages, the Windows world is wide open to an investigator running Linux. If you need more of this good thing, take a look at the free forensic tools by Foundstone [14]. These tools give investigators the ability to restore cookies, long-gone entries from the Windows trash can, and many other things.

Experienced Linux users might find the shell approach refreshing, but some users will prefer to avoid the complex command-line syntax. The learning curve for Linux newcomers will likely be steeper for open source tools compared with more expensive commercial products. The winner in the usability stakes has to be the fully automated Ophcrack Live CD, which removes the need for users to type pesky shell commands and displays the local user's Windows passwords shortly after booting.

When we tested this on an XP system (SP2), the CD took just 280 seconds to discover the credentials of the five user accounts (which included up to 14 characters; see Figure 5). The live Linux version on the CD includes just the tables for alphanumeric passwords without non-standard characters. If you want more, you will have to invest in the commercial Rainbow Tables.

Infos

  1. Guidance Software: http://www.guidancesoftware.com
  2. X-Ways: http://www.x-ways.net/corporate/index-m.html
  3. Ewfacquire: https://www.uitwisselplatform.nl/projects/libewf
  4. Helix: http://www.e-fense.com/helix
  5. Endianness: http://en.wikipedia.org/wiki/Endianness
  6. The Sleuth Kit: http://sleuthkit.org
  7. Wikipedia on file slack: http://en.wikipedia.org/wiki/File-Slack
  8. bmap: http://www.packetstormsecurity.org/linux/security/bmap-1.0.17.tar.gz
  9. File slack analysis on Linux: http://www.woerter.at/dud/stuff/fileslack.pdf
  10. Pasco download: http://downloads.sourceforge.net/odessa/pasco_20040505_1.tar.gz?modtime=1083715200&big_mirror=0
  11. Mork.pl: http://www.jwz.org/hacks/mork.pl
  12. Dumphive: http://v4.guadalinex.org/guadalinex-toro/pool/main/d/dumphive/dumphive_0.0.3-1_i386.deb
  13. Ophcrack and Ophcrack Live CD: http://ophcrack.sourceforge.net
  14. Foundstone Forensic Tools: http://www.foundstone.com/us/resources-free-tools.asp

The Author

Hans-Peter Merkel has been an active member of the open source forensics community for many years. He trains criminal investigators in Germany and Tanzania, and he is one of the founders of Freioss and Linux4afrika.

« Previous 1 2 3 4

Read full article as PDF ยป Investigating_Windows_Systems.pdf 1.47 MB


Comments


Print this page. Recommend
Share
Related Articles
Configuring Dual Boot Putting Linux and Windows on a single hard disk
Wine Running Windows Programs with the Wine API
Windows Integration Intro Tools and techniques for Windows integration
VMware 4.5.2 The PC Emulator VMware Workstation 4.5.2 for Linux
Windows apps with Wine Wine, Crossover Office, and Cedega
Free Software Projects Programmable Blinky Lights, DIY Desktop Fab and 3D Printing, Arduino Boards
No More Downloads!

Save the download and take Linux Magazine DVDs instead.

Each DVD contains a full distro like Ubuntu, SUSE, Mandriva, Fedora, or Debian and comes with the corresponding issue of Linux Magazine.

Don't waste time downloading Linux!

more...

In the US and Canada, Linux Magazine is known as Linux Pro Magazine.

© 2012Linux New Media USA, LLC

Linux New Media Websites
International: [Linux Magazine] [ADMIN Magazine] [Ubuntu User] [Smart Developer] [Linux Magazine Academy]
North America: [Linux Pro Magazine] [ADMIN Magazine] [Ubuntu User] [Smart Developer]
Germany: [Linux-Magazin] [ADMIN Magazin] [LinuxUser] [EasyLinux] [Linux-Community]
[Ubuntu User] [Smart Developer] [Android User] [Linux-Magazin Academy]
Poland: [Linux Magazine] [EasyLinux]
Spain: [Linux Magazine] [Ubunutu User]
Netherlands: [Linux Magazine Academy]
Brazil: [Linux Magazine] [ADMIN Magazine] [Ubuntu User] [Guia de TI]