Forensics for Free

Helix is already out on the market in the free world, but this looks interesting too. I am hoping to take it for a spin this weekend.

Apparently some students at Edith Cowan University’s School of Computing and Information Sciences in Australia have developed a Linux-based tool to help collect cyber evidence without compromising its integrity. The idea arose after the Western Australian Police asked the University for help two years ago.


Utilizing winexe to create a backdoor

On Thursday of this week I was fortunate enough to work alongside a colleague of mine on a forensic investigation. We had retrieved an active laptop and wanted to take a live memory dump of the system. Unfortunately the screen saver was password-locked, and we didn’t want to compromise the data in any way. His solution was to use a program called winexe from a *nix system.

Winexe allows a person to connect to the IPC$ share of an active host. Now you might say “what’s the point?” Take a moment and look at it from a corporate investigative standpoint. If you possess a local admin account for a system (perhaps a standard one used by the company help desk), you can use that account to access the IPC$ share.
