Forensic Engineering

Grok Headline matches for Forensic Engineering

Shark Tank: When the best engineering is
social engineering

Shark Tank: When the best engineering is
social engineering 06/05/2005 10:55 PM
At this manufacturing plant, some of the good ol' boys clock in their buddies who routinely come in late, and the plant boss is stumped for how to stop it -- but his IT manager has an idea.

Forensic analysis

Forensic analysis 03/14/2005 06:21 PM
Well, most of the stuff is up and running (apart from all mailing lists). The Finnish blog awards are now back up and running, and even my normal email works now!

Here's a quick rundown on what happened:

• On Saturday, at about 23:25 person A using a machine from Brazil executed a series of commands using an awstats vulnerability (yes, we had it patched to the latest stable; no, apparently it was not enough).
• He was quiet for about 20 minutes, but at about 23:35 two other attackers B and C (or the same) from Italy and UK almost simultaneously launched a similar attack on the server.
• Person B was able to run "adduser" at 23:45 and add himself an account, logging in and promply downloading a rootkit which allowed him to have root privileges
• Person B then attempted to deface the site, but failed (thanks to the pretty hairy configuration we have over here)
• Person A returned at this point, and tried to execute a new attack, suggesting that he was not able to gain access before
• Person B ran "rm -rf /" on the server, starting to delete everything at about 23:55, presumably to cover his traces. Our logs end at 0:06, when the final daemons failed.
• I received first warning at 0:15. Luckily memory-resident processes kept running for some time, so I was able to inspect the situation and the machine was physically disconnected at about 1 am.

Sunday was mostly used to reinstall a completely new system and do a forensics analysis on the deleted partitions. Sleuthkit turned to be invaluable in reconstructing the deleted local log files (so yes, we have the exact times, methods, and IP addresses). Yes, it works on ext3 as well.

I have backed up most of the necessary stuff daily, so there is little that was lost permanently. Unfortunately I had not stored all the necessary config files, which is why system recovery took longer than expected. Also, due to an oversight none of the mailing lists were backed up, so once we have them established again, ya'll have to resubscribe. Very sorry about that :-/

Forensic Discovery

Forensic Discovery 02/01/2005 09:12 PM

Forensic discover with MACtimes

Forensic discover with MACtimes 01/04/2005 04:33 AM
At times knowing when something happened is more valuable than knowing what took place. There are two ways to get time data: by observing activity directly and by observing that activity's secondary effects on its environment. In this article, we focus on the latter.

UK forensic scientists to strike over
pay

UK forensic scientists to strike over
pay 05/18/2004 10:14 AM
Q-tips in pockets on 2 June

WiebeTech announces Forensic ComboDock

WiebeTech announces Forensic ComboDock 12/15/2003 04:30 PM
WiebeTech today announced the Forensic ComboDock, a write-blocked FireWire 800/400 and USB 2.0 bridge for 3.5-inch IDE drives...

Calpundit: Adventures in Forensic
Journalism

Calpundit: Adventures in Forensic
Journalism 02/16/2004 04:08 PM
Calpundit's excellent post on the Col. Burkett allegations .. Kevin Drum .. defense

calpundit.com/archives/003280.html
track this site | 4 links

Forensic tests reveal killer's ID

Forensic tests reveal killer's ID 04/27/2004 08:52 AM
DNA evidence proves that a woman who was murdered in 1996 was killed by a man who later committed suicide, say police.

WiebeTech announces Forensic SATADock

WiebeTech announces Forensic SATADock 04/04/2005 08:14 AM
WiebeTech today announced Forensic SATADock, which allows Serial ATA drives to mount via FireWire 800 (400 compatible) to a host computer...

Forensic experts to search quarry

Forensic experts to search quarry 08/22/2004 09:22 PM
The hunt to find the remains of a missing woman and her three-year-old son is set to begin in earnest.

Forensic computing uncloaks industrial
espionage

Forensic computing uncloaks industrial
espionage 07/15/2004 07:07 AM
Damning evidence wins case

Jackson Jurors Hear About Forensic
Testing (AP)

Jackson Jurors Hear About Forensic
Testing (AP) 03/25/2005 05:18 PM
AP - Prosecutors in Michael Jackson's child molestation trial on Friday showed the jury fingerprints they said were left by Jackson and his accuser on sexually explicit magazines seized from the pop star's Neverland ranch.

News: Forensic SATADock works with
FireWire

News: Forensic SATADock works with
FireWire 04/04/2005 08:49 AM
WiebeTech LLC on Monday introduced the Forensic SATADock, a new device that provides write-blocked access to Serial ATA (SATA)-based hard disk drives using FireWire 800 and FireWire 400 interfaces -- useful for IT personnel or forensic investigators who need to recover data from SATA drives. It includes SATA power and data connectors, a power switch, host-side FireWire 800 ports (downwardly compatible with FireWire 400) and an access indicator. It will connect any 2.5 or 3.5-inch SATA drive. WiebeTech expects to deliver the Forensic SATADock starting April 26, 2005 for US$449.95.

Wildlife forensic labs help put a stop
to poaching

Wildlife forensic labs help put a stop
to poaching 05/19/2004 07:16 PM
USA Today May 19 2004 11:54PM GMT

Do's and Don'ts of Forensic Computer
Investigations

Do's and Don'ts of Forensic Computer
Investigations 09/17/2004 10:38 AM

FCCU GNU/Linux Forensic Bootable CD 7.2
(Default branch)

FCCU GNU/Linux Forensic Bootable CD 7.2
(Default branch) 03/19/2005 03:22 AM
FCCU GNU/Linux Forensic Bootable CD is a bootable CD based on KNOPPIX that contains a lot of tools suitable for computer forensic investigatins, including bash scripts. Its main purpose is to create images of devices prior to analysis, and it is used by the Belgian Federal Computer Crime Unit.

---

Changes:
The brand new SleuthKit 2.0 was added. There is support for LVM and hfsplus. Tools added include lshw, scsitools, glark, mdbtools, gpsd, and more.

WiebeTech announces two forensic data
analysis products

WiebeTech announces two forensic data
analysis products 12/16/2003 10:09 AM
On Monday, storage solutions company WiebeTech announced the arrival of two new products designed to assist with forensic data analyses. The first one, Forensic ComboDock, is a write-blocked FireWire 800/400 and USB2 bridge for 3.5" IDE drives. It allows investigators to read data from a drive without writing any data to it. An optional adapter board is available for use with serial ATA drives.

Forensic video-cameras included in
next-gen stun-guns

Forensic video-cameras included in
next-gen stun-guns 12/19/2004 03:34 PM
Cory Doctorow: Two stun-gun manufacturers will add video-recorders to the next generation of their guns, for forensic purposes.

The video cameras will essentially record whenever a person is hit with one of the guns, which immobilize a victim by shooting massive amounts of electricity through them. The electricity does not kill or permanently damage a person hit, according to the companies, but being hit hurts quite a bit.

Link (via Engadget)

Forensic Analysis of a Live Linux
System, Part Two

Forensic Analysis of a Live Linux
System, Part Two 04/12/2004 07:31 PM

FCCU GNU/Linux Forensic Bootable CD 8.0
(Default branch)

FCCU GNU/Linux Forensic Bootable CD 8.0
(Default branch) 04/12/2005 05:18 PM
FCCU GNU/Linux Forensic Bootable CD is a bootable CD based on KNOPPIX that contains a lot of tools suitable for computer forensic investigatins, including bash scripts. Its main purpose is to create images of devices prior to analysis, and it is used by the Belgian Federal Computer Crime Unit.

---

Changes:
This release is based on Knoppix 3.8.1. It includes the Sleuthkit 2.01. dcfldd is included. A lot of packages were added.

Leading Forensic Human Identification
E-Symposium April 14, 2005

Leading Forensic Human Identification
E-Symposium April 14, 2005 03/14/2005 05:07 PM
International Web conference launches with free registration for law enforcement, lawyers and academics. [PRWEB Mar 1, 2005]

Police in New Brunswick use new forensic
techniques to crack cold cases

Police in New Brunswick use new forensic
techniques to crack cold cases 01/11/2004 11:35 PM
Canadian Press via Canada.com Jan 11 2004 4:35PM ET

Gun crime attacked with new National
Firearms Forensic Intelligence Database

Gun crime attacked with new National
Firearms Forensic Intelligence Database 12/03/2003 06:21 AM
PublicTechnology.net Dec 3 2003 6:06AM ET

Computer Crime Scene InvestigationDavid
Coursey offers seven guidelines to
conducting a forensic computer inve

Computer Crime Scene InvestigationDavid
Coursey offers seven guidelines to
conducting a forensic computer inve 09/17/2004 12:35 PM
eWeek Sep 17 2004 4:11PM GMT

User Engineering

User Engineering 05/28/2002 08:58 AM

Engineering An End to Aging

Engineering An End to Aging 06/02/2004 12:03 PM

TCP re-engineering tool

TCP re-engineering tool 06/28/2004 04:59 AM
Stable release 1.4.0

Electronic Engineering Tool 0.2-1

Electronic Engineering Tool 0.2-1 05/30/2004 01:23 PM
A Web-based tool with an electronic formula calculator and converter functions.

Electronic Engineering Tool 0.3-4

Electronic Engineering Tool 0.3-4 07/18/2004 12:11 PM
A Web-based tool with an electronic formula calculator and converter functions.

Photo: Engineering a flush

Photo: Engineering a flush 04/19/2005 11:16 AM
CNET News.com Apr 19 2005 2:54PM GMT

Director of Engineering (Perl)

Director of Engineering (Perl) 06/06/2005 12:03 AM
eQuest Solutions - United States, ca, Alhambra (2005-06-02)

Software Engineering Environment 0.01

Software Engineering Environment 0.01 05/08/2004 07:35 AM
An information manufacturing platform for software development.

Electronic Engineering Tool

Electronic Engineering Tool 05/09/2004 04:38 AM
Initial 0.1-1 Alpha Released

Electronic Engineering Tool 0.1-1

Electronic Engineering Tool 0.1-1 05/09/2004 08:44 AM
A Web-based tool with an electronic formula calculator and converter functions.

Lab Notes from Berkeley Engineering

Lab Notes from Berkeley Engineering 05/12/2004 10:00 AM
In this issue of Lab Notes, my research digest from UC Berkeley's College of Engineering:

* A.I. systems that uncover the needles in haystacks of data, from software bugs to hidden genes.
* Using x-ray microscopes to design concrete Band-Aids for decaying buildings and bridges.
* Medical imaging via modem that will enable remote village doctors to perform minimally-invasive cancer surgery.
Link

Software Engineering Environment 0.03

Software Engineering Environment 0.03 07/15/2004 12:13 AM
An information manufacturing platform for software development.

Social Engineering in the Workplace

Social Engineering in the Workplace 05/16/2004 05:06 AM

TCP Re-engineering Tool Stable 1.4.0

TCP Re-engineering Tool Stable 1.4.0 06/28/2004 06:34 AM
A TCP/IPv4/IPv6 re-engineering and monitoring program.

Software Engineering Environment 0.02

Software Engineering Environment 0.02 06/10/2004 12:03 AM
An information manufacturing platform for software development.
Grok Description matches for Forensic Engineering
GrokA matches for Forensic Engineering

Forensic Engineering

The following phrases have been identified by the grok system as matching this entry: