Domain: dmzs.com
Stories and comments across the archive that link to dmzs.com.
Comments · 14
-
Re:Don't care how they do it..
Spam Assassin is a great compliment to GMail's spam filters.
1) I use IMAP Spam Begone to check my google inbox and mark stuff as spam/not spam.
2) I use DMZ's remote SA-Learn to learn spam from my google spam folder (after I check it for false positives) and I use it to learn ham of stuff that IT marked wrong.Result, I haven't had any spam make it through since I started using it.
(Both scripts do require editing isbg.py hasn't been updated in 5 years, so to work with newer python I fixed some things and sa-learn.pl needed to be edited to work with GMAil).
Just enable IMAP in gmail and go.
-
Re:strace
Dont forget these, any one will provide the needed/wanted tools for recovery.
Forensic and Incident Response Environment: http://fire.dmzs.com/
Linux Bootable Business Card: http://www.lnx-bbc.org/
Ultimate Boot CD: http://ubcd.sourceforge.net/
Knoppix Security Tools Distribution: http://www.knoppix-std.org/
SystemRescueCd: ahref=http://www.sysresccd.org/rel=url2html-26348h ttp://www.sysresccd.org/> -
Re:I always wondered
anyone have a good recovery utility for a fubar'd EXT3 drive?
Try FIRE. It's a purpose built forensics live cd, but very handy for recovering data as well. http://fire.dmzs.com/ -
Re:Find the expert
The tool you are probably talking about is EnCase. It is probably the most common forensics tool out there today. It works really well for Windows PCs but loses effectivness the further away you get OS wise from there. It will barf with anythung not FAT/NTFS/EXT3 maybe UFS I don't recall. Fire http://fire.dmzs.com/ will cover a lot of unix filesystems. Almost all these tools where written to perform forensics on hard drives, Encase in particular is really useful for tracking down porn. I used to do this type of work for a national security co. and I was amazed that EVERYONE had porn on there drive. Encase makes it a piece of cake to find because they sell a lot to LEAs whose primary forensics work is tracking down kiddy porn. Tracking down more complex attacks requires expertise not currently available at most, if not all, Local LEAs. A good collection of stories about these more complex attacks are the "Hacker's Challenge" books. Full disclosure: I am one of the authors of both those books.
-
What You Should Use
The fact of the matter is that NTFS 5 is the one file system that it appears no one can reliably write to without creating problems, except windows. Most file utils want you to boot to DOS, Knoppix boots you to Linux, and if you're lucky, you can read, but not write.
You should use captive-ntfs on Knoppix, or better yet:
- Knoppix STD -- Security Tools Sistribution, a customized distribution of the Knoppix Live Linux CD. Boot to the CD and you have Knoppix-STD. That would include a customized linux kernel (2.4.21 with ntfs rw, openmosix, and superfreeswan patches), Fluxbox windows manager, incredible hardware detection and hundreds of applications. Boot without the CD and you return to your original operating system. Aside from borrowing power, peripherals and some RAM, Knoppix-STD doesn't touch the host computer.
- Local Area Security Linux -- a Live CD distribution with a small footprint. Containing over 200 information security and administration related tools. As well as a full desktop environment and office productivity applications. With such a small footprint L.A.S. Linux can be optionally loaded and run from physical RAM (assuming there is 256MB or more). We currently have 2 different versions of L.A.S. to fit two specific size requirements.
- dyne:bolic -- a GNU/Linux distribution simply running from a CD, without the need to install anything, able to recognize most of your devices and periferals: sound, video, TV, network cards, firewire, usb devices and more. It is optimized to run on slower computers, turning it into a full media station: the minimum you need is a pentium1 or k5 PC 64Mb RAM and IDE CD-ROM, or a modded XBOX game console -- and if you have more than one, you can easily do clusters.
- F.I.R.E. -- Forensic and Incident Response Environment Bootable CD, a.k.a. DMZS-Biatchux, a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.
I hope it helps.
-
Re:Sure, but ...
-
Another OSS CDR -- FIRE
Try FIRE. I've only used it once, but it seems to have a lot of interesting stuff (though it has a bit of a different, more security oriented focus). A look at the "Tools Available" list is educational all by itself.
-
F.I.R.E.Forensic and Incident Responce Environment
FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.
Also provides necessary tools for live forensics/analysis on win32, sparc solaris and x86 linux hosts just by mounting the cdrom and using trusted static binaries available in /statbins. -
Lindows is great
Lindows is great but what I'd really like to see is a choice: Knoppix, Dyne:bolic or Biatchux. These are all GNU/Linux live bootable CD-ROM based operating systems with automatic hard ware detection, which makes them particularly well suited for such a purpose. Knoppix is a general-purpose system, Dyne:bolic is for multimedia production and broadcasting and Biatchux is a data recov./forensics anal. and incident response tool, which is great if one buys a new hard drive because one's old one contains important data but the system/security failure has made it inoperative. I do really hope more hard ware vendors will employ my idea, which I have been promoting for quite some time now as someone who is sort of into operating systems in my institute. Lindows should prepare the new ground for professional operating systems. This is great news indeed. All we have to worry about is making sure there will be no hard drives with Microsoft operating systems preinstalled, but Microsoft is a convicted illegal monopolist, so they wouldn't be able to do it anyway, thanks to DoJ verdict. Great news and a very interesting article.
-
Re:Live CDs
In addition to the lists above, there's Fire Linux, a favorite of mine. Great for recovery of Windows and Linux machines.
-
Re:Troubleshooting Potential
It could, but there are many other, better, bootable distributions for that sort of thing. Three with a security (and thus forensics and recovery) twist that are all more useful in that sort of situation are:
F.I.R.E
knoppix-std
l.a.s. -
F.I.R.E. link
here is FIRE
-
I LOVE the GIMP, but...
I'll still think of it as the GIMP for a few years
;)
the name is offensive to some people.
I use the GIMP all the time. I have my own copy of Grokking the GIMP. It is a great tool and I think it is an easy way to show people the power of Open Source programming.
However, no matter who I mention it too (outside of people who use Open Source), they always take issue with the name in some way.
Either they are crude: "Cool, they named that program after a sex slave|cripple|etc." Which I don't want to associate with Open Source.
or, they are shocked and outraged: "Nice program, but I would never use it. The name is offensive to the disabled community."
Some people look past the name and I explain that it is an acronym. Still, and a good point, they mention that any acronym could have been made up. "Whoever did it thought they were being clever."
What do other people think of the name? This may be off-topic, but I am interested to find out. Could project names stop the widespread adoption of Open Source?
Case in point. The Bootable Linux Forensic CD distro biatchux recently changed its name to F.I.R.E or (Forensic and Incident Response Environment). I am not sure why, but my guess is to aid its adoption rate among the group (mostly security and law enforcement) that needs it most. The name biatchux may be off-putting in the company report after all.
I put it to the
/. community. What do you think about some of the project names out there? What are some of the quote-unquote worst and best? Have any others changed names for similar reasons?
I am not passing judgement, mind you. I am just asking.
-
I LOVE the GIMP, but...
I'll still think of it as the GIMP for a few years
;)
the name is offensive to some people.
I use the GIMP all the time. I have my own copy of Grokking the GIMP. It is a great tool and I think it is an easy way to show people the power of Open Source programming.
However, no matter who I mention it too (outside of people who use Open Source), they always take issue with the name in some way.
Either they are crude: "Cool, they named that program after a sex slave|cripple|etc." Which I don't want to associate with Open Source.
or, they are shocked and outraged: "Nice program, but I would never use it. The name is offensive to the disabled community."
Some people look past the name and I explain that it is an acronym. Still, and a good point, they mention that any acronym could have been made up. "Whoever did it thought they were being clever."
What do other people think of the name? This may be off-topic, but I am interested to find out. Could project names stop the widespread adoption of Open Source?
Case in point. The Bootable Linux Forensic CD distro biatchux recently changed its name to F.I.R.E or (Forensic and Incident Response Environment). I am not sure why, but my guess is to aid its adoption rate among the group (mostly security and law enforcement) that needs it most. The name biatchux may be off-putting in the company report after all.
I put it to the
/. community. What do you think about some of the project names out there? What are some of the quote-unquote worst and best? Have any others changed names for similar reasons?
I am not passing judgement, mind you. I am just asking.