DEV Community

Introduction to computer forensics

Paula on May 08, 2019

Hey! How are you? Today I'm bringing a challenge for you guys, and for me too. I got pretty interested in Computer forensics due to a work colleagu...

0n1r1k0

Hi, this is really interesting, I had never thought of such a use for netcat. Anyway, I just want to point out that MD5 hashes are no longer safe. You can make two totally different files have the same MD5 hash in a pretty trivial way. You can see more here if you wish.

exploit-db.com/docs/english/46047-...

Samuel Abreu

It is wise nowadays to use 2 or more hash algorithms; although SHA256 is strong today, no one knows in a few years, as shattered.io/ demonstrates on SHA1.

Using 2 or more, it gets way more troublesome to generate the same hash, even on 2 algorithms that are not safe anymore.
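Computing several digests in a single pass over an acquired image and then requiring all of them to match, as suggested above. This is an added example, not code from the post or from anyone in the thread; the hashlib algorithm names and the constructed sample image are assumptions.

```python
import hashlib
import os
import tempfile

# One broken (MD5), one weakened (SHA-1), one currently strong (SHA-256)
# algorithm; names are hashlib's, not from the thread.
ALGORITHMS = ("md5", "sha1", "sha256")


def multi_hash(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Read the image once and feed every chunk to all digests.
    Returns {algorithm: hex digest}; a single pass matters for
    multi-gigabyte images, where reading once per algorithm is slow."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def verify(path, expected):
    """Recompute every digest in the manifest; all must match.
    Returns (ok, algorithms that disagreed). A collision fooling one
    algorithm still has to fool every other one at the same time."""
    actual = multi_hash(path, tuple(expected))
    mismatched = [name for name in expected if actual[name] != expected[name]]
    return (not mismatched, mismatched)


def demo():
    """Constructed sample: a tiny 'image', its manifest, then a tampered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "disk.img")
        with open(image, "wb") as fh:
            fh.write(b"\x00" * 4096 + b"constructed sector data" + b"\xff" * 4096)
        manifest = multi_hash(image)      # recorded at acquisition time
        ok_before, _ = verify(image, manifest)
        with open(image, "r+b") as fh:    # flip one byte, as tampering would
            fh.seek(4100)
            fh.write(b"X")
        ok_after, bad = verify(image, manifest)
        return ok_before, ok_after, bad


if __name__ == "__main__":
    print(demo())  # (True, False, ['md5', 'sha1', 'sha256'])
```

The manifest dictionary is what you would store alongside the image (or sign) at acquisition time; verification later fails if any single digest disagrees.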

Paula

Thank you for the advice!

Phil Ashby

Thanks Paula, nicely written and a good top-down start into forensics!

For those interested in learning more, I recommend the Forensics Wiki: forensicswiki.org/wiki/Main_Page which covers more interesting ways of imaging both volatile and persistent storage :)

Paula

Yay! Thanks

Samuel Abreu

For data acquisition I recommend a forensic-specific Linux live CD, like caine-live.net/ or deftlinux.net/

Because on default settings Linux distros usually don't mount storage as read-only, which is a must for data acquisition.

Stephen Smith

Yep good start to this topic. This is what I studied in school. Great read!

Daniel Mery

Your work on digital forensics is really good and very clear.

Paula

Thank you!

saysam84

Thanks Paula

Tobi Schäfer

How secure is it to transfer the forensic data via network? Couldn’t the network stack of the attacked machine be compromised, too (e.g. send a copy of the data to the attacker)?