Archive for the ‘How To’s’ Category
Although it is not ideal, sometimes you need to acquire a forensic disk image from a live system. This is often the case when you cannot take the host out of service for a dead disk acquisition. There are also times you need to rely on IT or security personnel to acquire a disk image, despite the fact they are not trained in modern forensic practices.
To guide you through an accepted method of acquiring a disk image from a live host, I have published a detailed ‘How-To’ titled “Image a Disk Using FTK Imager.” FTK Imager is AccessData’s free imaging tool that is used around the world by forensic experts. If you follow the detailed steps in this document, you can correctly acquire a disk image that can be sent securely to a forensic examiner for analysis.
In my forensic work, I quite often have to send/receive forensic disk images to/from clients via FedEx or UPS. Since it is never a good idea to send digital data unencrypted via a common carrier, I encrypt hard disk volumes that contain forensic images using TrueCrypt.
To introduce you to TrueCrypt and walk you through the process of encrypting a hard disk volume, I wrote up a detailed ‘How-To’ titled “Encrypt a Hard Disk Volume Using TrueCrypt.” I think you will agree, TrueCrypt is an amazing open-source project. I suggest you also consider encrypting hard disk volumes that contain your backups or any other sensitive data.
If you are a beginning or intermediate Linux enthusiast, this ‘How-To’ provides an in-depth, step-by-step guide on how to install Ubuntu Linux 10.04 (Lucid Lynx) on an external USB hard drive. You can purchase one of these drives for less than $50 US. Having a full and bootable Ubuntu distro on one of these drives provides greater flexibility than installing it on a dedicated workstation.
I am a huge fan of Ubuntu Linux. Ever since the release of 06.06 (‘Dapper Drake’) on August 10, 2006, Ubuntu has been my distro of choice. I always carry a bootable USB stick containing the latest distro loaded with tools. It is really incredible how handy this is in my day-to-day IR and forensic work. I am also a big fan of those small portable external USB drives sold by Western Digital, Seagate, Toshiba, etc.
It is quite easy to install Ubuntu Linux on an external USB drive. I have about half a dozen of these drives with Ubuntu installed – dedicated to specific purposes. One of these drives is used as my development and test environment for my soon to be released (and free) McAfee Command Line Scanner Project (MCLSP). I will have more to say about this in future posts; suffice it to say this project provides a bootable version of Ubuntu Linux that runs the ‘McAfee Windows Command Line Scanner’ on Linux! This is one very cool tool.
Download the ‘How-To’ and give Ubuntu Linux a test drive. One word of caution for those of you who are wondering if the install instructions will work on a USB thumb drive. The answer is yes, it will work. I suggest, however, that you don’t do it. I have tested it and discovered running a full-blown version of Ubuntu from a thumb drive is agonizingly slow. Remember, ‘installing’ a Linux distro on a thumb drive is different than creating a ‘ramdisk’ version. I will have more to say about this later.
If you are like me, you have little tolerance for unsolicited telemarketing calls and junk mail credit card and insurance solicitations. Another concern we share as security professionals is identity theft. About a year ago, I did a lot of research into these topics and developed a systematic approach to end the intrusive calls, remove 95% of the junk mail in my residential mailbox, and lock down my credit.
I wrote a ‘How-To’ to walk you through the simple steps of taking back ownership of your phones, mailbox and credit. The document is posted on the ‘How-To’ page. These simple steps really work. The only calls I get are from organizations that Congress (foolishly) exempted from the ‘Do-Not-Call’ laws, such as political campaigns and non-profits. I get zero credit card and insurance solicitations. I also have security freezes on my credit from all three bureaus, making it nearly impossible for an extension of credit in my name without my knowing about it.
Download this ‘How-To’ and send it to your friends and relatives.