August 6th, 2008

Fall 2008 [By BN Levine]

Welcome to the main page of the Fall 2008 offering of Digital Forensics. Rather than a traditional web page, this course uses a blog. Enrolled students, as well as class alums, are welcome to post to the blog at any time. Below this entry, you’ll see the posts of students from previous class offerings.

If you are looking for information about the course, on the top left corner of the main page, you’ll find a description, a course syllabus, and a calendar of assigned reading, quizzes, and homework assignments.

As of August 17, there are 18 students enrolled. There is room for at least 2 more, but please contact me if the registration system says the class is full and I’ll see what I can do.

I’ll be assigning accounts for posting to the site on the first day of class. Until then, you can only read.

Please note a recent change to the course syllabus: Brian Carrier’s book on File System Forensic Analysis is now required for the class.

April 30th, 2008

BitTorrent Forensics notes up [By Gregory]

As a Google doc:

http://docs.google.com/View?docid=dgjnr3zk_5g33kgkhm

Greg

March 20th, 2008

MRU List in Gnome [By Gregory]

I think something similar to an MRU List can be found in the Gnome Desktop. In your home user folder you can find an XML file named .recently-used.xbel, which should have documents you have opened by clicking on them in bookmark nodes. Does anyone know of other things similar to an MRU List that are Gnome-specific?

Greg
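
As an added example (not part of the post above), here is one way to turn the bookmark nodes of a .recently-used.xbel file into a most-recent-first list for a timeline. The sample document is constructed; its element and attribute names follow the freedesktop.org desktop-bookmark layout that GTK writes, and the paths in it are made up.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlparse

# Namespace prefixes used inside each bookmark's <metadata> element.
NS = {"bookmark": "http://www.freedesktop.org/standards/desktop-bookmarks",
      "mime": "http://www.freedesktop.org/standards/shared-mime-info"}

# Constructed sample; a real file sits in the user's home directory.
SAMPLE_XBEL = """<xbel version="1.0"
  xmlns:bookmark="http://www.freedesktop.org/standards/desktop-bookmarks"
  xmlns:mime="http://www.freedesktop.org/standards/shared-mime-info">
 <bookmark href="file:///home/alice/Documents/tax%20return.pdf"
   added="2008-03-18T09:12:44Z" modified="2008-03-19T17:03:10Z"
   visited="2008-03-19T17:03:10Z">
  <info><metadata owner="http://freedesktop.org">
   <mime:mime-type type="application/pdf"/>
   <bookmark:applications><bookmark:application name="Evince"
     exec="&apos;evince %u&apos;" modified="2008-03-19T17:03:10Z" count="3"/>
   </bookmark:applications>
  </metadata></info>
 </bookmark>
 <bookmark href="file:///media/usb0/notes.txt"
   added="2008-03-17T21:40:02Z" modified="2008-03-17T21:40:02Z"
   visited="2008-03-17T21:40:02Z">
  <info><metadata owner="http://freedesktop.org">
   <mime:mime-type type="text/plain"/>
   <bookmark:applications><bookmark:application name="gedit"
     exec="&apos;gedit %u&apos;" modified="2008-03-17T21:40:02Z" count="1"/>
   </bookmark:applications>
  </metadata></info>
 </bookmark>
</xbel>"""

def parse_recently_used(xbel_text):
    """Return one dict per bookmark node, newest 'modified' first."""
    rows = []
    for bm in ET.fromstring(xbel_text).iter("bookmark"):
        mime = bm.find(".//mime:mime-type", NS)
        # Each registering application carries its own open count.
        apps = [(a.get("name"), int(a.get("count", "0")))
                for a in bm.iterfind(".//bookmark:application", NS)]
        rows.append({
            "path": unquote(urlparse(bm.get("href", "")).path),
            "added": bm.get("added"), "modified": bm.get("modified"),
            "mime": mime.get("type") if mime is not None else None,
            "apps": apps,
        })
    # Same-format ISO-8601 UTC strings sort chronologically as text.
    return sorted(rows, key=lambda r: r["modified"] or "", reverse=True)
```

Paths outside the home directory, such as the removable-media mount in the sample, are worth noting because the entry can outlive the device it points to.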

February 27th, 2008

Expert Testimony [By Aristotelis]

RIAA Expert witness discredited:

http://yro.slashdot.org/yro/08/02/26/2036237.shtml

February 24th, 2008

File Marshal : Program for analyzing Peer to Peer File Sharing Applications [By Gregory]

Abstract on a program being developed for Law Enforcement specifically for analyzing use of Peer to Peer file sharing apps.

http://dfrws.org/2007/proceedings/p43-adelstein.pdf

December 31st, 2007

FBI Prepares Vast Database Of Biometrics [By Hao]

“CLARKSBURG, W. Va. — The FBI is embarking on a $1 billion effort to build the world’s largest computer database of peoples’ physical characteristics, a project that would give the government unprecedented abilities to identify individuals in the United States and abroad.”

Link: http://www.washingtonpost.com/wp-dyn/content/article/2007/12/21/AR2007122102544.html

December 14th, 2007

Can ISPs Overwrite Your Web Content? [By Hao]

“A screen shot from a “concerned reader” has surfaced on Wired, via Lauren Weinstein’s blog. This screen shot hails from a Rogers ISP customer, and displays a message from Rogers indicating that the customer is approaching their data cap limit for the month. Subsequently, there’s information on how to upgrade their account.”

“Visiting a Google search home page warranted the message from Rogers indicating the customer is approaching their bandwidth limit. Could this have anything to do with the popularity of Google? Google does pride itself on providing speedy search results, so an imposing message from an ISP provider could very well mess with Google’s own business implementation and give a leg up for another search company (in theory of course). And what about other websites? Rogers is messing with their brand equity, making sites look ugly and all. And that’s just not right.”

Read more about this privacy/net neutrality issue at http://mashable.com/2007/12/11/rogers-not-net-neutral/.

November 15th, 2007

interesting article about encryption keys [By Louis]

Woman asked to hand over keys to files she claims to have no knowledge of. From the UK.

http://www.theregister.co.uk/2007/11/14/ripa_encryption_key_notice/

November 8th, 2007

‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy [By Hao]

An interesting paper about privacy. It has a lot of references to privacy-related cases.

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565

November 3rd, 2007

How to use AxCrypt/AxDecrypt under Linux [By Adrian]

Hey guys,

There’s a useful encryption/decryption program I found called AxCrypt, which deals in AES-128 encryption coupled with some form of compression. It’s open source, but unfortunately it’s only for Windows. You can install it under the current Wine, but first it complains that you need IE 4.0 or higher.

Go to winehq.org, and add their repositories, then:

$ sudo apt-get install wine cabextract

Then we’ll install ies4linux from http://www.tatanka.com.br/ies4linux

$ wget http://www.tatanka.com.br/ies4linux/downloads/ies4linux-latest.tar.gz
$ tar zxvf ies4linux-latest.tar.gz
$ cd ies4linux-*
$ ./ies4linux

and follow the on-screen directions. Incidentally it may be nice to have IE anyway, for web development if you do any of that. Then download AxCrypt from Sourceforge.net:

Navigate to the folder where that is located and run the following:

$ WINEPREFIX="/home/YOUR_USERNAME/.ies4linux/ie6" wine AxCrypt-Setup.exe

That should do it! Unfortunately I can’t help you decrypt without the passphrase…
