The Sleuth Kit Informer

http://www.sleuthkit.org/informer
http://sleuthkit.sourceforge.net/informer

Brian Carrier
carrier at sleuthkit dot org

Issue #9
October 15, 2003


Contents


Introduction

The ninth issue of The Sleuth Kit Informer is the shortest thus far. I'm taking my summer vacation from the Informer a little late this year and am skipping the main article for the October issue. I have been busy reviewing the submissions for the Honeynet Scan of the Month #29, which was a Linux system running in VMware that had been suspended; participants had to confirm that the system was broken into and then analyze it (it is a lot of work for a contest that doesn't have a prize). Anyway, my official writeup is fairly thorough so that it can serve as a good case study for using The Sleuth Kit and Autopsy. This challenge makes good use of the sorter functionality (the MD5s of all files were taken before the system was deployed) and the event sequencer function.

     http://www.honeynet.org/scans/scan29/
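The baseline-hash idea mentioned above (hash every file before deployment, then compare after the incident) is the core of what a known-file filter does. The following is an added illustration, not code from The Sleuth Kit, Autopsy or the Scan of the Month writeup: it parses an md5sum-style manifest and sorts the files seen on the post-incident image into known, modified, new and missing. The manifest lines, file paths and file contents are constructed sample data and the function names are my own.

```python
import hashlib
from typing import Dict, List


def md5_hex(data: bytes) -> str:
    """MD5 of a byte string as the lowercase hex digest that md5sum prints."""
    return hashlib.md5(data).hexdigest()


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse md5sum-style lines ('<hex digest>  <path>') into {path: digest}.

    Blank lines and '#' comments are skipped so a hand-annotated manifest
    still loads.
    """
    baseline: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, path = line.split(None, 1)
        baseline[path] = digest.lower()
    return baseline


def compare_to_baseline(baseline: Dict[str, str],
                        current: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Classify each file on the analysed image against the pre-deployment hashes.

    known    - same path, same hash: can be filtered out of the review
    modified - same path, different hash: first candidates for closer review
    new      - path absent from the baseline: created after deployment
    missing  - in the baseline but no longer on the image: deleted or renamed
    """
    report: Dict[str, List[str]] = {"known": [], "modified": [], "new": [], "missing": []}
    for path, data in current.items():
        digest = md5_hex(data)
        if path not in baseline:
            report["new"].append(path)
        elif baseline[path] == digest:
            report["known"].append(path)
        else:
            report["modified"].append(path)
    for path in baseline:
        if path not in current:
            report["missing"].append(path)
    for bucket in report.values():
        bucket.sort()
    return report


# Constructed sample: the files as they were at deployment time ...
PRE_DEPLOYMENT_FILES: Dict[str, bytes] = {
    "/bin/ls": b"original ls binary (constructed)",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/motd": b"Welcome (constructed)\n",
}

# ... written out in the format md5sum produces, which is what the baseline is.
BASELINE_MANIFEST = "# constructed baseline manifest\n" + "\n".join(
    f"{md5_hex(data)}  {path}" for path, data in PRE_DEPLOYMENT_FILES.items()
)

# Constructed sample: what the same paths look like on the post-incident image.
POST_INCIDENT_FILES: Dict[str, bytes] = {
    "/bin/ls": b"modified ls binary (constructed)",     # hash no longer matches
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n", # unchanged
    "/tmp/.x/run.sh": b"#!/bin/sh\n# constructed: not present at deployment\n",
    # /etc/motd is gone from the image
}


def triage_report() -> Dict[str, List[str]]:
    """Run the comparison on the constructed sample data."""
    return compare_to_baseline(parse_manifest(BASELINE_MANIFEST), POST_INCIDENT_FILES)


if __name__ == "__main__":
    for bucket, paths in triage_report().items():
        print(f"{bucket:9s} {paths}")
```

On the sample data this puts `/etc/passwd` in `known`, `/bin/ls` in `modified`, `/tmp/.x/run.sh` in `new` and `/etc/motd` in `missing`. MD5 is what the 2003 challenge supplied and it is adequate for matching a file against a trusted baseline taken by the owner, but MD5 collisions are now practical, so a baseline built today should record SHA-256 alongside it.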


What's New?

Back in August, a thread on the cftt at yahoogroups dot com email list turned to the idea of a public database of bugs in forensic tools. The goal was to allow people to track bugs in common forensic tools and to submit bugs to the database that had also been reported to the vendor. I think this is a great idea, and there have been off-line discussions since then to figure out the logistics.

In the meantime, I have started to use the bug tracking features of SourceForge and now enter the open bugs and their fixes there. It is the same information that I used to add to the TODO list, but this is more public and easier to access. In the future, this database will hopefully exist alongside a database maintained by the digital forensic community.

Autopsy Bugs:
     http://sourceforge.net/tracker/?group_id=55687&atid=477897

Sleuthkit Bugs:
     http://sourceforge.net/tracker/?group_id=55685&atid=477889


Copyright © 2003 by Brian Carrier. All Rights Reserved