
Intro to Linux for Cyber Crime Investigators and Computer Forensic Examiners By Ernest Baca


1 Intro to Linux for Cyber Crime Investigators and Computer Forensic Examiners By Ernest Baca ebaca@linux-forensics.com www.linux-forensics.com

2 History of Linux
1991: Computer hardware was pushing the limits beyond what anyone expected – DOS was still reigning supreme in the world of personal computers. PC users had no other choice. Apple Macintosh prices were astronomical.
The other dedicated camp of computing was the Unix world. Unix was far more expensive and out of reach of PC users. The source code of Unix, once taught in universities courtesy of Bell Labs, was now cautiously guarded.
A solution appeared on the horizon called MINIX. It was written from scratch by Andrew S. Tanenbaum, a Dutch professor who wanted to teach his students the inner workings of a real operating system. It was designed to run on the Intel 8086 microprocessor.

3 History Continued
MINIX was not a superb operating system, but it had the advantage that the source code was available.
In 1991, Linus Benedict Torvalds was a second-year student of Computer Science at the University of Helsinki and a self-taught hacker. Torvalds loved to tinker with the power of computers and the limits to which the system could be pushed. All that was lacking was an operating system that could meet the demands of professionals. MINIX was good, but it was still an operating system for students, designed as a teaching tool.
At the same time, programmers worldwide were greatly inspired by the GNU project of Richard Stallman, a software movement started in 1983 to provide free, quality software. (GNU is a recursive acronym which actually stands for ‘GNU is Not UNIX’.)

4 History Continued
On August 25, 1991 the historic post was sent to the MINIX newsgroup by Linus Torvalds.
Linus did not believe at the time that Linux was going to be big enough to change computing forever.
Linux version 0.01 was released by mid-September 1991 and put on the Internet. Enthusiasm gathered, and code was downloaded, tweaked, and returned to Linus. Linux 0.02 came on October 5th.
That was the start of a new generation of operating system.

5 Why Learn Linux for Cyber Crime Investigations?
Linux is one of the fastest growing operating systems. The odds of a Cyber Crime Investigator encountering a Linux system are becoming greater.
The Internet is made up of a majority of Linux systems. Learning the basic Linux system will help the investigator understand concepts in order to effectively investigate Cyber Crime.
A majority of hackers and hard-core cyber-criminals don’t use Windows-based systems. Learning the basic Linux concepts will help the Investigator effectively interview witnesses and suspects.
Learning the Linux system will assist the Investigator in crime scene response if a Linux system is encountered.

6 Misconceptions about Linux
Linux is too hard to learn!
Linux is for the Ya Ya Brotherhood and Ya Ya Sisterhood of computer gurus!
Linux is hard to install!
If you know Linux you’re a COMPUTER GOD!
Linux is not a good teaching tool.
Linux is only command line driven and therefore too difficult!
You must know every Linux command to do anything useful with it.

7 Understanding Linux
Linux versions are referred to as kernel versions.
Linux systems are referred to as distributions.
A distribution is a collection of software that runs on the Linux kernel. Also referred to as a distro.
Different distributions run differently (ex: the file structure may be different).
All distributions are available for download.
Source code is available for all distributions of Linux.

8 Linux Distributions
Redhat – Most popular amongst industry
Debian – Many distributions are based on this distribution
Mandrake – Very popular distribution
Suse – Most software-rich distribution
Slackware – Most popular amongst hackers. Very user-unfriendly
Gentoo – Slowly replacing Slackware
Many more!

9 Next Generation Data Forensics The Linux Solution

10 What is Data Forensics?
Process:
Imaging data stored in electronic format
Authentication of the image
Analyzing the data
Reporting results in a neutral manner

11 How does Linux fit in to Data Forensics?
An out-of-the-box Linux system already has the built-in ability to image, authenticate, wipe, and search media!

12 Benefits of Linux as a Forensic Tool
Everything, including hardware, is treated as a file
Support for numerous file system types (many not recognized by Windows)
Ability to mount a file
Ability to analyze a live system in a safe and minimally invasive manner (no hardware or software write blocker needed)
Ability to redirect standard output to input (multiple commands on one line)
Ability to review source code for most utilities
Ability to create bootable media
Linux is free, as is the source code
Tools are mostly free or inexpensive (bottom line: cost efficient)
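Slides 10 to 12 describe the image, authenticate, search process and the "everything is a file" and pipe-redirection benefits. The script below is an added example, not part of the presentation, that runs that process with stock GNU/Linux tools against a constructed evidence file standing in for a device node; the file names, the planted text and the choice of sha256sum are assumptions.

```shell
#!/bin/sh
# Added example: image, authenticate and search a constructed "evidence" file
# with stock GNU/Linux tools (dd, sha256sum, grep). The evidence file stands in
# for a device node such as /dev/sdb, which Linux treats as just another file.
set -e

WORK=$(mktemp -d)
EVIDENCE="$WORK/evidence.raw"   # constructed source medium (assumption)
IMAGE="$WORK/evidence.dd"       # bit-for-bit image
HASHFILE="$IMAGE.sha256"        # recorded hash of the image

# Construct sample media: 1 MiB of zeros with a text fragment planted in block 1.
make_evidence() {
    dd if=/dev/zero of="$EVIDENCE" bs=4096 count=256 2>/dev/null
    printf 'From: suspect@example.invalid\nSubject: meeting\n' |
        dd of="$EVIDENCE" bs=4096 seek=1 conv=notrunc 2>/dev/null
}

# 1. Image: copy every block; conv=noerror,sync keeps going past unreadable
#    blocks and pads them with zeros so offsets in the image stay aligned.
image_media() {
    dd if="$EVIDENCE" of="$IMAGE" bs=4096 conv=noerror,sync 2>/dev/null
}

# 2. Authenticate: hash source and image; record the hash only if they match.
authenticate_image() {
    src=$(sha256sum "$EVIDENCE" | cut -d' ' -f1)
    img=$(sha256sum "$IMAGE" | cut -d' ' -f1)
    [ "$src" = "$img" ] || return 1
    echo "$img" > "$HASHFILE"
}

# Later validation (the "can you validate what you did?" question): recompute
# the image hash and compare it with the recorded one.
verify_image() {
    [ "$(sha256sum "$IMAGE" | cut -d' ' -f1)" = "$(cat "$HASHFILE")" ]
}

# 3. Search the image, never the original medium; grep -a treats binary data
#    as text. Mounting the image read-only (mount -o ro,loop) needs root and
#    is left out here.
search_image() {
    grep -a -o -E 'From: [^[:space:]]+' "$IMAGE"
}

make_evidence
image_media
authenticate_image && search_image
```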

13 Questions of Death!
Does your software make mistakes?
How do I know your software does what it says it does?
Can you validate what you did?

14 Linux Tools
TASK & Autopsy – Tool used in data recovery and also used for data examination. www.atstake.com
Foremost – Data carving tool. Foremost.sourceforge.net
Coroner’s Toolkit – Used for data recovery. www.porcupine.org/forensics/tct.html
Maresware – Linux tools for data forensics. www.dmares.com
SMART Forensic Software – GUI-based forensic software used for data acquisition, validation, examination and reporting. www.asrdata.com
Glimpse – Data indexing and search tool. www.glimpse.cs.arizona.edu

15 Linux Bootable Distributions
Bootable Business Card – Linux boot CD image suitable to burn onto a business card CD. www.lnx-bbc.org
PLAC – Portable Linux Auditing CD. sourceforge.net/projects/plac
F.I.R.E – Another bootable Linux CD. Fire.dmzs.com
Knoppix – GUI-based Linux bootable CD. www.knoppix.de

16 Useful Linux Links
http://Ohiohtcia.org/linuxintro-1.8.1.pdf – Introduction to Linux for Data Forensics.
http://www.crazytrain.com – Website devoted to Linux Data Forensics
http://www.linux.org – Good Linux resource for learning
http://www.linux-directory.com – Another good Linux resource
http://www.linux-forensics.com – My website devoted to the use of Linux as a data forensic tool. (Currently under construction)

17 DEMO TIME!!!

