You don’t need expensive proprietary tools to practice the craft of computer forensics.
Crime scene: the server room. The thief doesn't need a key card or the cover of darkness – an intruder can use the Internet to come and go. But despite the secret entrance, the attacker still leaves behind telltale traces. Finding and interpreting this evidence is the top priority of criminal investigators.
This article goes over some of the tools that experts use to find clues and evidence. The great thing about these forensic tools is that they are open source.
After that, development stopped for quite some time; thankfully some new blood has picked the project up and development has started again! After over a year of inactivity, the latest alpha of nUbuntu 8.04 has finally surfaced, bringing many new bug fixes and updates. All of the latest security and penetration-testing tools are included to make this your primary pentesting LiveCD.
I am glad to see projects like nUbuntu start up again. Security LiveCDs are useful tools for any Linux user. Do you have any favorites?
Australian university students have developed a Linux-based data forensics tool to help police churn through a growing backlog of computer-related criminal investigations.
The tool was developed by students from Edith Cowan University's School of Computing and Information Sciences and will help the Western Australian Police Computer Crime Squad process their forensic investigations. Called Simple (for Simple Image Preview Live Environment), the software allows investigators to view and acquire forensic data at the scene of the crime without compromising the integrity of data as it is collected.
There are tons of Linux forensics LiveCD distributions available, but what is your favorite?
Tmin is a simple utility meant to make it easy to narrow down complex test cases produced through fuzzing. It is closely related to another tool of this type, delta, but meant specifically for unknown, underspecified, or hard to parse data formats (without the need to tokenize and re-serialize data), and for easy integration with external UI automation harnesses.
Give this fuzzer a go and let us know what you think! Included in the article is a sample "hello world" script to fuzz "hello world" code, if that makes any sense. Why not check out the article to see what I mean?
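To make the tmin idea concrete, here is an added example (not tmin's own code) of the delta-debugging loop such a minimizer runs: a generic ddmin over a byte string, driven only by a "does this still trigger the bug?" predicate, so it needs no knowledge of the input format. The crash target and the fuzzed input are constructed for the demonstration; the oracle is the role a real harness would play by running the target and checking for a crash.

```python
"""Delta-debugging minimizer in the spirit of tmin.

Added example, not tmin's own code: a generic ddmin over a byte string,
driven by a caller-supplied "still interesting?" predicate, which plays
the role a crash oracle plays when shrinking a fuzzer-produced test case.
"""


def toy_parser(data: bytes) -> None:
    """Constructed crash target: tracks '(' nesting in a 4-slot table, so
    the fifth unmatched '(' indexes past the table and raises IndexError."""
    table = [0, 0, 0, 0]
    depth = 0
    for byte in data:
        if byte == ord("("):
            table[depth] = byte          # IndexError once depth reaches 4
            depth += 1
        elif byte == ord(")") and depth > 0:
            depth -= 1


def crashes(data: bytes) -> bool:
    """Oracle: does the target still crash on this input?"""
    try:
        toy_parser(data)
    except IndexError:
        return True
    return False


def ddmin(data: bytes, interesting) -> bytes:
    """Classic ddmin (Zeller/Hildebrandt): return a 1-minimal subsequence
    of `data` for which interesting() still holds, i.e. removing any one
    byte would make the predicate false.

    Split into n chunks and try each complement (input minus one chunk).
    Keep the first complement that is still interesting and coarsen; if
    none is, refine by doubling n until chunks are single bytes.
    """
    if not interesting(data):
        raise ValueError("input does not satisfy the predicate to begin with")
    n = 2
    while len(data) >= 2:
        chunk = len(data) // n
        reduced = False
        for start in range(0, len(data), chunk):
            complement = data[:start] + data[start + chunk:]
            if interesting(complement):
                data = complement
                n = max(n - 1, 2)
                reduced = True
                break
        if not reduced:
            if n >= len(data):
                break                    # already at byte granularity
            n = min(n * 2, len(data))
    return data


# Constructed "fuzzer output": junk plus enough nesting to hit the bug.
FUZZED_CASE = b"a((b((c(d))((ee("

if __name__ == "__main__":
    minimal = ddmin(FUZZED_CASE, crashes)
    print(len(FUZZED_CASE), "->", len(minimal), minimal)
```

Every byte that is not an opening parenthesis is removed because dropping it never stops the crash, and the result is the shortest input that still overruns the table. In practice the predicate would launch the real target under a debugger or check its exit signal, which is why minimizers of this kind are only as good as the crash oracle you hand them.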
Most of today's fingerprinting tools focus on server-side services. Well-known and widely accepted implementations of such utilities exist for HTTP web servers, SMTP mail servers, FTP servers and even telnet daemons. Of course, many attack scenarios focus on server-side attacks.
This implementation of client-side fingerprinting utilizes PHP to identify browsers by http requests. See how this application fares against other fingerprinting utilities that analyze header lines and values.
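The following is an added example (not the PHP tool's code) of the approach described above: fingerprinting the client from the shape of its request, that is, which headers it sends, in what order, and with which values, rather than trusting the User-Agent string. The two browser profiles and both requests are constructed for illustration; real profiles would be captured from live traffic.

```python
"""Client-side HTTP fingerprinting from request structure.

Added example, not the PHP tool's code. The request itself (header set,
header order, a few telltale values) identifies the browser family even
when the User-Agent string has been changed. PROFILES is constructed.
"""
from difflib import SequenceMatcher

# Constructed profiles: canonical header order plus a few value "tells".
PROFILES = {
    "family-A": {
        "order": ["host", "user-agent", "accept", "accept-language",
                  "accept-encoding", "accept-charset", "keep-alive", "connection"],
        "tells": {"connection": "keep-alive", "keep-alive": "300"},
    },
    "family-B": {
        "order": ["accept", "accept-language", "ua-cpu", "accept-encoding",
                  "user-agent", "host", "connection"],
        "tells": {"connection": "Keep-Alive", "ua-cpu": "x86"},
    },
}


def parse_request(raw: str):
    """Split a raw HTTP/1.x request into its request line and an ordered
    list of (lowercased name, value) header pairs. Order is preserved on
    purpose: it is part of the fingerprint."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def score(headers, profile) -> float:
    """Weighted similarity: header-order similarity (dominant) plus the
    fraction of value tells that match exactly. User-Agent is deliberately
    never consulted, so a spoofed UA cannot move the score."""
    order = [name for name, _ in headers]
    order_sim = SequenceMatcher(None, order, profile["order"]).ratio()
    values = dict(headers)
    tells = profile["tells"]
    tell_sim = sum(values.get(k) == v for k, v in tells.items()) / len(tells)
    return 0.7 * order_sim + 0.3 * tell_sim


def fingerprint(raw: str):
    """Return (best-matching profile name, its score rounded to 2 places)."""
    _, headers = parse_request(raw)
    scores = {name: score(headers, prof) for name, prof in PROFILES.items()}
    best = max(scores, key=scores.get)
    return best, round(scores[best], 2)


# Constructed requests. The second carries family-A's User-Agent string
# but was built with family-B's header order and values.
GENUINE_A = (
    "GET / HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "User-Agent: Constructed/1.0 (family-A)\r\n"
    "Accept: text/html,*/*;q=0.5\r\n"
    "Accept-Language: en-us,en;q=0.5\r\n"
    "Accept-Encoding: gzip,deflate\r\n"
    "Accept-Charset: ISO-8859-1,utf-8;q=0.7\r\n"
    "Keep-Alive: 300\r\n"
    "Connection: keep-alive\r\n\r\n"
)
SPOOFED_UA = (
    "GET / HTTP/1.1\r\n"
    "Accept: */*\r\n"
    "Accept-Language: en-us\r\n"
    "UA-CPU: x86\r\n"
    "Accept-Encoding: gzip, deflate\r\n"
    "User-Agent: Constructed/1.0 (family-A)\r\n"
    "Host: example.invalid\r\n"
    "Connection: Keep-Alive\r\n\r\n"
)

if __name__ == "__main__":
    for label, req in (("genuine A", GENUINE_A), ("spoofed UA", SPOOFED_UA)):
        print(label, "->", fingerprint(req))
```

The spoofed request is classified as family-B despite claiming to be family-A, which is exactly why header-structure fingerprinting is harder to evade than User-Agent checks. The caveat is that intermediaries (proxies, CDNs, privacy extensions) also reorder and add headers, so a production table needs profiles for those paths as well, or it will misattribute legitimate traffic.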
Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.
With features such as evasion techniques, a more sophisticated upload module, and automatic URL-encoding, why not take a look at Sqlninja and see if your DB is secure today?
The Web Security Gateway is a security-centric distribution of the Apache web server, bundled with additional security modules, and configured as a front-end (reverse) HTTP proxy. The goal is to mirror most of the features of commercial web application “firewalls”, with free and Open-Source software.
Leveraging features currently present in Apache, it is possible to create a front-end proxy to Apache which will provide an extra layer of security. This extra layer can integrate functionality such as traffic reporting, authentication, SSL, and even load balancing! Read the article for more info!
We are pleased to announce a new project called oCERT, the Open Source Computer Emergency Response Team.
The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or vulnerabilities, just like national CERTs offer services for their respective countries.
If you are a small project lacking security handling resources we can aid you in tracking down the extent and nature of potential compromises and security vulnerabilities and co-ordinate with all affected parties (like projects that ship your code).
If you are a big project and/or Open Source vendor we can promptly communicate with you reports and vulnerabilities that might affect your codebase and infrastructure and help you out with your security requirements.
Just because a project is open source does not mean it is secure. Check out the oCERT project, an effort to help make open source security even better!
Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.
Fuzzing is always a lot of fun - throw as much pasta against the wall and something is bound to stick (at least that's what my mom would say). This tool provides interesting capabilities such as "retrieving the list of domain names hosted on a target machine and file fuzzing using dynamically generated filenames". Why not check the article out, download the tool, and start throwing some pasta today?
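Here is an added example (not webshag's code) of what "file fuzzing using dynamically generated filenames" amounts to: instead of only trying a fixed wordlist, derive from each file discovered while crawling the backup, temporary and editor leftovers that commonly sit beside it, and request those. The suffix and pattern lists and the crawl results are illustrative assumptions, not a complete catalogue.

```python
"""Dynamic filename generation for web file fuzzing.

Added example, not webshag's code. From each discovered path, derive the
backup, temporary and editor leftovers that often remain next to it and
are served as plain text. BACKUP_SUFFIXES and REPLACEMENT_EXTS are
illustrative assumptions.
"""
from posixpath import basename, dirname, join, splitext

BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".tmp", "~",
                   ".swp", ".zip", ".tar.gz")
# Extensions that replace the original one; a server that does not map
# these to a handler returns the raw source instead of executing it.
REPLACEMENT_EXTS = (".bak", ".old", ".inc", ".txt", ".phps")


def derived_names(path: str):
    """Yield candidate paths derived from one discovered file path."""
    directory, name = dirname(path), basename(path)
    stem, ext = splitext(name)
    for suffix in BACKUP_SUFFIXES:
        yield join(directory, name + suffix)          # config.php.bak
    for new_ext in REPLACEMENT_EXTS:
        if new_ext != ext:
            yield join(directory, stem + new_ext)     # config.inc
    yield join(directory, "." + name + ".swp")        # vim swap file
    yield join(directory, "#" + name + "#")           # emacs autosave
    yield join(directory, "Copy of " + name)          # Explorer copy
    yield join(directory, stem + "_old" + ext)        # config_old.php
    yield join(directory, stem + ".bak" + ext)        # config.bak.php


def fuzz_list(discovered):
    """Build an ordered, deduplicated request list from crawl results,
    never re-requesting a path that was already discovered."""
    seen = set(discovered)
    out = []
    for path in discovered:
        for candidate in derived_names(path):
            if candidate not in seen:
                seen.add(candidate)
                out.append(candidate)
    return out


# Constructed crawl results.
CRAWLED = ["/index.php", "/admin/config.php", "/admin/index.php"]

if __name__ == "__main__":
    for candidate in fuzz_list(CRAWLED):
        print(candidate)
```

The practical check when using such a list is to compare each response against the site's "not found" behaviour (status code, body length, redirect target) rather than trusting 200 alone, since many frameworks answer every unknown path with a 200 page.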
Palamida, an open-source risk management company, believes in open source. But at the same time, its corporate code audits of more than 500 million lines of code have found time and again "specific open-source projects inside mission critical systems that had not been patched" with the most recent updates.
Read on for an interesting account of what happens when you don't keep up with the times. The key point Palamida makes is that using a great open source tool is no substitute for keeping it up to date.