linux_forensics at Yahoo! Groups http://groups.yahoo.com/group/linux_forensics/ linux_forensics OSDFCon Survey Mon, 13 May 2013 16:33:55 GMT Brian Carrier http://groups.yahoo.com/group/linux_forensics/message/3697 http://groups.yahoo.com/group/linux_forensics/message/3697 We had more submissions to OSDFCon (http://www.osdfcon.org) this year than we have speaking slots. To make this a community effort, we're collecting feedback Open Source Forensics CFP Reminder Fri, 26 Apr 2013 17:33:10 GMT Brian Carrier http://groups.yahoo.com/group/linux_forensics/message/3696 http://groups.yahoo.com/group/linux_forensics/message/3696 Reminder that submissions are due May 1. As always, we're interested in presentations on new tools, old tools, user experiences, complaints about tools, etc. Re: Linux tools for ARM Mon, 15 Apr 2013 20:02:49 GMT Greg Freemyer http://groups.yahoo.com/group/linux_forensics/message/3695 http://groups.yahoo.com/group/linux_forensics/message/3695 I've experimented with BackTrack 5, but I don't recall it having forensic tools? ie. imagers, log2timeline, registry parsers, etc. Is there a list of tools on Re: Linux tools for ARM Mon, 15 Apr 2013 19:09:43 GMT Fornzix http://groups.yahoo.com/group/linux_forensics/message/3694 http://groups.yahoo.com/group/linux_forensics/message/3694 Kali Linux, the successor to BackTrack 5, also has support for ARM and includes forensic and security tools. Here's a link in case you're interested: <Kali Linux tools for ARM Mon, 15 Apr 2013 17:15:43 GMT Greg Freemyer http://groups.yahoo.com/group/linux_forensics/message/3693 http://groups.yahoo.com/group/linux_forensics/message/3693 All, I guess we all know ARM cpu's are becoming a major factor and drive smartphones, pads, etc. You may not realize that motherboards and soon even servers Re: best carver to pull an apple mail out of an image? Fri, 12 Apr 2013 18:36:41 GMT Simson Garfinkel http://groups.yahoo.com/group/linux_forensics/message/3692 http://groups.yahoo.com/group/linux_forensics/message/3692 The BEViewer https://github.com/simsong/bulk_extractor/wiki/BEViewer ... [Non-text portions of this message have been removed] Re: best carver to pull an apple mail out of an image? Fri, 12 Apr 2013 17:07:14 GMT Greg Freemyer http://groups.yahoo.com/group/linux_forensics/message/3691 http://groups.yahoo.com/group/linux_forensics/message/3691 Okay, Dumb question time. What interface? I only know about the CLI command. Greg ... [Non-text portions of this message have been removed] Re: best carver to pull an apple mail out of an image? Fri, 12 Apr 2013 12:57:44 GMT Simson Garfinkel http://groups.yahoo.com/group/linux_forensics/message/3690 http://groups.yahoo.com/group/linux_forensics/message/3690 Greg, I'm glad that you were able to do well with bulk_extractor. You might want to look at the User Interface. it would allow you to search for the email Re: best carver to pull an apple mail out of an image? Fri, 12 Apr 2013 01:44:44 GMT Greg Freemyer http://groups.yahoo.com/group/linux_forensics/message/3689 http://groups.yahoo.com/group/linux_forensics/message/3689 All, In my case, bulk_extractor found about 90,000 rfc822 related fragments (or full emails). I then did a simple grep through those to find the specific best carver to pull an apple mail out of an image? Thu, 11 Apr 2013 04:30:04 GMT Greg Freemyer http://groups.yahoo.com/group/linux_forensics/message/3688 http://groups.yahoo.com/group/linux_forensics/message/3688 I've got a case where I need to find one specific email. It was sent via Apple Mail on a Mac about 6 months ago. It was deleted a couple months later. I'm Open Source Forensics Conference CFP Mon, 08 Apr 2013 13:54:41 GMT Brian Carrier http://groups.yahoo.com/group/linux_forensics/message/3687 http://groups.yahoo.com/group/linux_forensics/message/3687 The 4th Annual Open Source Digital Forensics Conference will be held on November 5, 2013 in Chantilly, VA. You are invited to submit a presentation or frag_find 1.0.0 Sat, 06 Apr 2013 18:09:39 GMT Simson Garfinkel http://groups.yahoo.com/group/linux_forensics/message/3686 http://groups.yahoo.com/group/linux_forensics/message/3686 All, frag_find is a hash-based carving tool. The current version didn't compile under current versions of Linux and was tied up in the NPS Bloom Filter Re: Thanks to OSS forensic tool writers -- & CAINE & DEFT, too Mon, 01 Apr 2013 17:35:21 GMT Sandro Rossetti http://groups.yahoo.com/group/linux_forensics/message/3685 http://groups.yahoo.com/group/linux_forensics/message/3685 ... Ciao people... as far as I know The Italian Police Uses both Deft&Caine BUT No LEA never gave a single cent for its dev or distribution. What done so far Re: Thanks to OSS forensic tool writers -- & CAINE & DEFT, too Sun, 31 Mar 2013 17:53:17 GMT Paul D. Bain http://groups.yahoo.com/group/linux_forensics/message/3684 http://groups.yahoo.com/group/linux_forensics/message/3684 ... Please, let us not forget the fine, Italian police who create and distribute CAINE Ubuntu. These folks recently released a new version of CAINE: A big thank you to the linux oss forensic tool writers Sun, 31 Mar 2013 13:31:54 GMT Greg Freemyer http://groups.yahoo.com/group/linux_forensics/message/3683 http://groups.yahoo.com/group/linux_forensics/message/3683 I would like to extend my appreciation to the writers of linux opensource software for digital forensics: In the last year the main names I can think of are