cybercrimetech.com
Revisiting REAPER: Automating digital forensic investigations
http://www.cybercrimetech.com/2015/07/revisiting-reaper-automating-digital.html
Digital Forensic Science: Research Practice. Revisiting REAPER: Automating digital forensic investigations. [1] was one of the first projects that I worked on during my PhD. It started around 2008, when I got interested in trying to completely automate digital forensic investigations. Yes, it sounds impossible, but I wanted to see how far we could automatically handle digital evidence. This was a little before digital forensic triage [2] and preliminary analysis gained popularity. Was used to extract as m...
cybercrimetech.com
[How to] Brute forcing password cracking devices (LUKS)
http://www.cybercrimetech.com/2014/08/how-to-brute-forcing-password-cracking.html
Digital Forensic Science: Research Practice. [How to] Brute forcing password cracking devices (LUKS). We have written in the past about how to crack passwords on password-protected RAR and ZIP files. But in those cases someone wrote a program to extract the password hashes from the RAR and ZIP files first. After that, we could use John the Ripper. In this tutorial, I will be brute-force attacking a LUKS encrypted file. Using John the Ripper. Maybe the investigator has no memory image of the suspect devic...
cybercrimetech.com
Clearing USB disk read cache for testing and forensics in Linux
http://www.cybercrimetech.com/2015/06/clearing-usb-disk-read-cache-for.html
Digital Forensic Science: Research Practice. Clearing USB disk read cache for testing and forensics in Linux. When copying data from USB devices in Linux (Debian / Ubuntu), you may have noticed that reading data from the disk the first time takes a while, and reading the second time takes only a few seconds. When looking how to disable read cache, I found a lot of information about disabling write cache, but not a lot about disabling read. sudo hdparm -W 0 /dev/[device]. To do this, we need to echo a va...
cybercrimetech.com
July 2015
http://www.cybercrimetech.com/2015_07_01_archive.html
Digital Forensic Science: Research Practice. Revisiting REAPER: Automating digital forensic investigations. [1] was one of the first projects that I worked on during my PhD. It started around 2008, when I got interested in trying to completely automate digital forensic investigations. Yes, it sounds impossible, but I wanted to see how far we could automatically handle digital evidence. This was a little before digital forensic triage [2] and preliminary analysis gained popularity. Was used to extract as m...
cybercrimetech.com
November 2014
http://www.cybercrimetech.com/2014_11_01_archive.html
Digital Forensic Science: Research Practice. Korea Linux Forum 2014: Linux and Law Enforcement. On November 11, 2014 Joshua James of CybercrimeTech.com gave a presentation at the Korea Linux Forum on Linux and Law Enforcement: Challenges and Opportunities. Presentation slides can be found at the link. A bit about the talk can be found below. Linux and Law Enforcement: Challenges and Opportunities. Benefits to the Ecosystem.
cybercrimetech.com
Projects
http://www.cybercrimetech.com/p/projects.html
Digital Forensic Science: Research Practice. Cybercrime Technologies is involved in a number of projects in association with Academia, Law Enforcement and Industry partners. While many of the projects may be related to Digital Investigation, hobby projects may also be listed. Code for most of our projects can be found at https://github.com/hvva. Image Classification using Python. Computer vision module for Autopsy. Developed by the BoB Outc4se team. Automated Network Triage (ANT). Digital Forensics) Full...
cybercrimetech.com
[How-to] Compiling John the Ripper to use all your processors for password cracking
http://www.cybercrimetech.com/2014/07/how-to-compiling-john-ripper-to-use-all.html
Digital Forensic Science: Research Practice. [How-to] Compiling John the Ripper to use all your processors for password cracking. Today we are going to show you how to compile John the Ripper to use all of your processors (we will talk about compiling for NVIDIA GPUs later). First you should visit Openwall's site and download the John the Ripper source code. I recommend getting the community-enhanced. You also need to install a compiler and ssl. On Ubuntu systems, you can just install the ” and choo...
cybercrimetech.com
March 2015
http://www.cybercrimetech.com/2015_03_01_archive.html
Digital Forensic Science: Research Practice. [CFP] ICDF2C Submission Deadline Extended. The ICDF2C Call for Papers has been extended to April 13, 2015. See you in Seoul! [CFP] ICDF2C Submissions Due 30 March. Just a reminder that submissions for ICDF2C are due on the 30th of March, 2015 (next week). For submission instructions please see: http://d-forensics.org/2015/show/cf-papers. Papers should be submitted through EasyChair.
cybercrimetech.com
February 2015
http://www.cybercrimetech.com/2015_02_01_archive.html
Digital Forensic Science: Research Practice. John the Ripper shared library error path fix on Linux. If you are using John the Ripper with CUDA, and you start to see errors like: Unshadow: error while loading shared libraries: libcudart.so.6.5: cannot open shared object file: No such file or directory. First, check your paths. An example .bashrc might look like (64bit system): export LD_LIBRARY_PATH=${CUDA_HOME}/lib64:$LD_LIBRARY_PATH. Add the path to your cuda library: /usr/local/cuda/lib64. Digital f...
cybercrimetech.com
Seoul Tech Society Crypto Event
http://www.cybercrimetech.com/2015/06/seoul-tech-society-crypto-event.html
Digital Forensic Science: Research Practice. Seoul Tech Society Crypto Event. On June 24th, Seoul Tech Society held an 'introduction to cryptography' event. First, Artem Lenskiy gave an overview of how symmetric and asymmetric encryption works, followed by Joshua James with a hands-on tutorial about using GnuPG for electronic document signing and encryption. Finally, Max Goncharov talked about the new Paranoid.EMAIL service. This was all rounded out with pizza and libations. To catch our next event.