Intro to Linux for Cyber Crime Investigators and Computer Forensic Examiners
By Ernest Baca
ebaca@linux-forensics.com
www.linux-forensics.com
History of Linux
• 1991: Computer hardware was pushing the limits beyond what anyone expected, yet DOS still reigned supreme in the world of personal computers. PC users had no other choice; Apple Macintosh prices were astronomical.
• The other dedicated camp of computing was the Unix world. Unix was far more expensive and out of reach of PC users. The source code of Unix, once taught in universities courtesy of Bell Labs, was now cautiously guarded.
• A solution appeared on the horizon called MINIX. It was written from scratch by Andrew S. Tanenbaum, a Dutch professor who wanted to teach his students the inner workings of a real operating system. It was designed to run on the Intel 8086 microprocessor.
History Continued
• MINIX was not a superb operating system, but it had the advantage that the source code was available.
• In 1991, Linus Benedict Torvalds was a second-year student of Computer Science at the University of Helsinki and a self-taught hacker. Torvalds loved to tinker with the power of computers and the limits to which the system could be pushed. All that was lacking was an operating system that could meet the demands of professionals. MINIX was good, but it was still an operating system for students, designed as a teaching tool.
• At the same time, programmers worldwide were greatly inspired by the GNU project of Richard Stallman, a software movement started in 1983 to provide free, quality software. (GNU is a recursive acronym which actually stands for "GNU is Not UNIX".)
History Continued
• On August 25, 1991 the historic post was sent to the MINIX newsgroup by Linus Torvalds.
• Linus did not believe at the time that Linux was going to be big enough to change computing forever.
• Linux version 0.01 was released by mid September 1991 and was put on the Internet. Enthusiasm gathered, and code was downloaded, tweaked, and returned to Linus. Linux 0.02 came October 5th.
• That was the start of a new-generation operating system.
Why Learn Linux for Cyber Crime Investigations?
• Linux is one of the fastest growing operating systems. The odds of a Cyber Crime Investigator encountering a Linux system are becoming greater.
• The Internet is made up of a majority of Linux systems. Learning the basic Linux system will help the investigator understand concepts in order to effectively investigate Cyber Crime.
• A majority of hackers and hard-core cyber-criminals don't use Windows-based systems. Learning the basic Linux concepts will help the Investigator effectively interview witnesses and suspects.
• Learning the Linux system will assist the Investigator in Crime Scene response if a Linux system is encountered.
Misconceptions about Linux
• Linux is too hard to learn!
• Linux is for the Ya Ya Brotherhood and Ya Ya Sisterhood of computer gurus!
• Linux is hard to install!
• If you know Linux you're a COMPUTER GOD!
• Linux is not a good teaching tool.
• Linux is only command line driven and therefore too difficult!
• You must know every Linux command to do anything useful with it.
Understanding Linux
• Linux versions are referred to as Kernel Versions.
• Linux systems are referred to as Distributions.
• A Distribution is a collection of software that runs on the Linux Kernel. Also referred to as a Distro.
• Different distributions run differently (ex: the file structure may be different).
• All distributions are available for download.
• Source code is available for all distributions of Linux.
Linux Distributions
• Redhat – Most popular amongst industry
• Debian – Many distributions are based on this distribution
• Mandrake – Very popular distribution
• Suse – Most software-rich distribution
• Slackware – Most popular amongst hackers. Very user-unfriendly
• Gentoo – Slowly replacing Slackware
• Many more!
Next Generation Data Forensics: The Linux Solution
What is Data Forensics?
• Process:
• Imaging data stored in electronic format
• Authentication of the image
• Analyzing the data
• Reporting results in a neutral manner
How does Linux fit into Data Forensics?
An out-of-the-box Linux system already has the built-in ability to image, authenticate, wipe, and search media!
Benefits of Linux as a Forensic Tool
• Everything, including hardware, is treated as a file
• Support for numerous file system types (many not recognized by Windows)
• Ability to mount a disk image file as a file system
• Ability to analyze a live system in a safe and minimally invasive manner (no hardware or software write blocker needed)
• Ability to pipe the standard output of one command into the input of another (multiple commands on one line)
• Ability to review source code for most utilities
• Ability to create bootable media
• Linux is free, as is its source code
• Tools are mostly free or inexpensive (bottom line: cost efficient)
Questions of Death!
• Does your software make mistakes?
• How do I know your software does what it says it does?
• Can you validate what you did?
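The imaging, authentication and searching steps from the "What is Data Forensics?" process, carried out with only the stock utilities the slides say every Linux system ships, as an added example that is not part of the original presentation. It assumes GNU coreutils (`dd`, `sha256sum`, `grep`) and uses a constructed 1 MiB file in place of a real device node such as /dev/sdb, so it runs without root or attached media.

```shell
#!/bin/sh
# Added example (not from the original slides): image, authenticate and
# search media with nothing but stock Linux utilities. A constructed file
# stands in for the suspect device so the script runs offline.

WORK=$(mktemp -d)

# Build a constructed "media" file: 1 MiB of zeros with one planted
# keyword at byte offset 4096, standing in for a block device.
make_sample_media() {
    dd if=/dev/zero of="$WORK/media.bin" bs=1024 count=1024 2>/dev/null
    printf 'evidence-keyword-XYZ' |
        dd of="$WORK/media.bin" bs=1 seek=4096 conv=notrunc 2>/dev/null
    echo "$WORK/media.bin"
}

# Step 1, imaging: a bit-for-bit copy of $1 into $2. conv=noerror,sync
# keeps reading past bad sectors and pads them with zeros so every byte
# in the image keeps the same offset it had on the source media.
image_media() {
    dd if="$1" of="$2" bs=4096 conv=noerror,sync 2>/dev/null
}

# Step 2, authentication: hash source and image; print the hash only when
# they agree, return non-zero otherwise. Re-running this later answers
# "can you validate what you did?" for the image on file.
authenticate_image() {
    src_hash=$(sha256sum "$1" | cut -d' ' -f1)
    img_hash=$(sha256sum "$2" | cut -d' ' -f1)
    [ "$src_hash" = "$img_hash" ] || return 1
    echo "$src_hash"
}

# Step 3, searching: the image is just a file, so grep it directly.
# -a treats binary data as text, -b -o prints the byte offset of each hit,
# which is what an examiner records for the report.
search_image() {
    grep -a -b -o "$2" "$1" | cut -d: -f1
}

# The image could also be mounted read-only through the loop device
# (mount -o ro,loop); that needs root and is omitted here.
cleanup() {
    rm -rf "$WORK"
}
```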
Linux Tools
• TASK & Autopsy – Tools used in data recovery and also for data examination. www.atstake.com
• Foremost – Data carving tool. Foremost.sourceforge.net
• The Coroner's Toolkit – Used for data recovery. www.porcupine.org/forensics/tct.html
• Maresware – Linux tools for data forensics. www.dmares.com
• SMART Forensic Software – GUI-based forensic software used for data acquisition, validation, examination and reporting. www.asrdata.com
• Glimpse – Data indexing and search tool. www.glimpse.cs.arizona.edu
Linux Bootable Distributions
• Bootable Business Card – Linux boot CD image suitable to burn onto a business card CD. www.lnx-bbc.org
• PLAC – Portable Linux Auditing CD. sourceforge.net/projects/plac
• F.I.R.E – Another bootable Linux CD. Fire.dmzs.com
• Knoppix – GUI-based Linux bootable CD. www.knoppix.de
Useful Linux Links
• http://Ohiohtcia.org/linuxintro-1.8.1.pdf – Introduction to Linux for Data Forensics.
• http://www.crazytrain.com – Website devoted to Linux Data Forensics.
• http://www.linux.org – Good Linux resource for learning.
• http://www.linux-directory.com – Another good Linux resource.
• http://www.linux-forensics.com – My website devoted to the use of Linux as a data forensic tool. (Currently under construction)