Re: images for computer forensics?


This is an older one and the answers are posted on the internet but this is
a real hack from the honeynet project.

Good luck!!

http://www.honeynet.org/challenge/index.html



On 2/26/07 4:35 PM, "Murda Mcloud" <murdamcloud@xxxxxxxxxxx> wrote:

Like people told me when I asked this-buy secondhand disks from ebay and go
crazeee! You will be amazed...
Also, here in Oz the council do a hard rubbish removal service once a year.
You leave your rubbish on the kerb and they collect it-or other people
scavenge. Scavenge and get your friends round to marvel at what info you can
rebuild from 'deleted' files. Or even wide open files. The process for
recovering files/logs etc is the same as if it were a 'crime scene'.

Like Ansgar said, nobody is going to want to open up their confidential case
data to the world.


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Ansgar -59cobalt- Wiechers
Sent: Tuesday, February 27, 2007 2:31 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: images for computer forensics?

On 2007-02-26 Zhihao wrote:
Hi list, was wondering if anyone knows of any online resources I can
visit that has got real life case studies of cybercrime and actually
has got the disk image of the server that was hacked? or even a disk
image of a system that was used to compromise a server? Went over to
honeynet.org and they do have an image of a purposely hacked redhat
6.2 but I will prefer a resource that will have actual disk images
from a crime scene.

I sure hope that nothing like that exists and will ever exist, because
these images will most likely contain confidential, maybe even personal
data.

Regards
Ansgar Wiechers




---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse. Arm your
enterprise with BigFix, the single converged IT security and operations
engine. BigFix enables continuous discovery, assessment, remediation,
and enforcement for complex and distributed IT environments in real-time
from a single console.
Think what's next. Think BigFix.

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------

Relevant Pages

  • RE: images for computer forensics?
    ... Subject: images for computer forensics? ... has got the disk image of the server that was hacked? ... BigFix ... the single converged IT security and operations ...
    (Security-Basics)
  • RE: images for computer forensics?
    ... Behalf Of Ansgar -59cobalt- Wiechers ... Subject: images for computer forensics? ... has got the disk image of the server that was hacked? ... BigFix ...
    (Security-Basics)
  • Re: Getting errors trying to mount disk images
    ... jamiekg@xxxxxxxxxxxxxxxxxx (Jamie Kahn Genet) wrote: ... Several images JR sent me fail this way as well. ... All the AfterDark images were ones I tried opening in OSX. ... in the disk image which. ...
    (comp.sys.mac.system)
  • Re: Print Shop Graphics
    ... import them into a disk image, then view them in CiderPress and export them ... get CiderPress to convert them to something I can use in Photoshop. ... you can convert the entire disk full of images in one shot. ... CiderPress Apple II archive utility for Windows - http://www.faddensoft.com/ ...
    (comp.sys.apple2)
  • Re: [opensuse] [OT] is there a virtual machine that IMPROVE performance by using harddisk as harddis
    ... by making use of a separate harddisk instead of a disk image? ... Just point it at using a device name instead of the file path. ... I'd suggest to put the images on partitions or logical volumes though, ...
    (SuSE)