Linux Tool Speeds up Computer Forensics for Cops

Status
Not open for further replies.

iMONITOR

Member
Premium Subscriber
Joined
Sep 20, 2006
Messages
6,789
Location
MACOMB, MI.
N1GTL said:
I have used EnCase for years. Coupled with a FireFly I can do real-time write protected previews in seconds. Seems like they are reinventing the wheel about 6 years later.
What is the cost for EnCase, and FireFly?
 

mancow

Member
Database Admin
Joined
Feb 19, 2003
Messages
5,882
Location
N.E. Kansas
We've used this for years now. It's just a quick and easy way to see what images reside on the computer. You can't do any real forensic searching or anything else. It just loads write blockers and boots to the Linux environment. Then it scans for images and videos. It runs partially off a USB drive and also stores what you find and mark on that same drive.
 

RedPenguin

Member
Premium Subscriber
Joined
Feb 28, 2007
Messages
1,007
Great Find GreatLakes

Great Find GreatLakes.

You must be a professional news searcher. I've seen many of your stories that I never heard of anywhere else. That's why I've always liked the Tavern now Wasteland.

I'm studying to be a Computer Forensic in college, and my class seems to mainly focus on Windows but I just love Linux, I even have a Linux router at home (machine with 2 NICs) that actually works better than those cheap $100 or less routers you buy at Walmart or somewhere else. A 400 MHz machine actually works well as a router and a file server at the same time.

Anyway, I would love to work with Linux as well as just Windows in my Forensic classes and even my main classes, but almost no one in my county, let alone schools seem to even know Linux or UNIX.

I think this tool will be a great tool, it touches everything that we are taught in class, especially about the NEVER writing to the evidence.
 

RedPenguin

Member
Premium Subscriber
Joined
Feb 28, 2007
Messages
1,007
We actually

GreatLakes said:
What is the cost for EnCase, and FireFly?
Speaking of this, I would like to know also, because in class we talk about EnCase but we never really use it.

We use mainly three programs. FTK (Forensic Tool Kit), FTK (Forensic Tool Kit) Imager, and ProDiscover Basic.

Mostly in my class, we just listen to the instructor talk, and the tools we use seem too simple to me, in that I've actually used similar programs before, and almost everything we talk about in class I actually knew from just being a computer "geek" or "specialist". I'm basically considered the "geek's geek", meaning I actually have other geeks coming to me for help. LoL.
 

JHVH-1

Member
Premium Subscriber
Joined
Mar 31, 2005
Messages
34
Location
Highland Park, NJ
RedPenguin said:
Speaking of this, I would like to know also, because in class we talk about EnCase but we never really use it.

We use mainly three programs. FTK (Forensic Tool Kit), FTK (Forensic Tool Kit) Imager, and ProDiscover Basic.

Mostly in my class, we just listen to the instructor talk, and the tools we use seem too simple to me, in that I've actually used similar programs before, and almost everything we talk about in class I actually knew from just being a computer "geek" or "specialist". I'm basically considered the "geek's geek", meaning I actually have other geeks coming to me for help. LoL.
Let's just put it this way, the software is expensive enough that you have to request a quote from them to get a price on it. (3 or 4 years ago I was hearing 4 digit prices at least if I remember correctly).
When I took a class using it, the book came with a crippled version that would only work with sample data they provided.

The nice thing about the Linux tools is that you can run the same software on a Mac too, and it supports quite a few filesystems.
 

car2back

Member
Joined
Dec 19, 2004
Messages
3,010
Location
Tulsa, OK
Another great article, thanks GL!

Penguin, are you talking about Access Data FTK, or some other software?
 

RedPenguin

Member
Premium Subscriber
Joined
Feb 28, 2007
Messages
1,007
Yes

car2back said:
Another great article, thanks GL!

Penguin, are you talking about Access Data FTK, or some other software?
Yes, exactly. In fact we just used the trial that limits to 5,000 items today in class.

It's used in exercises from Thomson Course Technology's "Guide to Computer Forensics and Investigations".

I had to laugh because my thumb drive, I often put portable programs on, and it got mad at my thumb drive today, because it contained more than 5,000 items, I actually thought the program was dead then, but it still worked, so it must just be no more than 5,000 items at a time, not overall. I'm glad, because we will be using the program later in class also.
 

car2back

Member
Joined
Dec 19, 2004
Messages
3,010
Location
Tulsa, OK
Cool, I have the software somewhere on disk but have never even messed with it. I might break it out tonight!
 