Helix2009R1 is Forensically Sound…Surely?
By Amy Cox and Eyal Lemberger
The golden rule is that the original media should not be altered. ACPO do, however, allow some wriggle room with a secondary rule: if the original media is altered in any way, the alteration must be made by someone who knows what they are doing and therefore understands the exact changes that take place. In other words, an expert who can explain what has happened and why.
Real World Imaging Tips using Helix
By Keith Swanson
A RAW image in .dd format is the fastest and you may need to use that to speed things up. This format will also take up the most space on your target hard drive. So now we have to balance space issues with speed. We are all familiar with EnCase and the .E01 format. This will use less space but will also take more time.
Live Cds for Digital Forensics and Incident Response
By Jon Evans
As with any tool, know its limitations as well as appreciating its strengths. It is also important to test your tools and become thoroughly familiar with how they operate, to ensure that they perform as anticipated during deployment and to identify any potential pitfalls. This is crucial when performing live forensics, where you are obtaining evidential data from live, running systems. Helix is a good tool for post-mortem forensics; however, as with other well-known Linux forensic CDs, flaws have been identified. For example, earlier versions of Linux boot CDs that mounted a file system, even as read-only, would alter the journal count on ext3 filesystems by decrementing it by one. Even though this effectively results in a 1-bit change, it is still a potentially undesirable result.
Helix 3: An Experience
By Elias Psyllos
One of the great features of Helix 3 Pro is the GUI. Once Helix has fully booted you will see a clean and organized screen, as though you had started the program from your desktop. For those who have not used this before, this is where it gets EASY. Go to the top left of the screen, select Applications, go down and select “Acquisitions and Analysis”. Select Helix 3 Pro, and the Helix 3 Pro Acquisition tool will appear. On the left side of the Acquisition tool you will see a section labeled “SYSTEMS”, which lists all the hardware currently attached to the computer (e.g. hard drives, CD/DVD-ROMs, thumb drives, external drives, etc.) as well as the partitions associated with each. Select your source drive (the drive you want to create the forensic image of) from the left side of the screen and then click the “AQUIRE” button. The “Acquire Device” dialog/selection box will appear on the right-hand side of the screen.
Digital Investigation Concepts
By Mounir Kamal
Electronic evidence is information and data of investigative value that is stored on, processed by, or transmitted by an electronic device. Data can exist in three major states: for example, on a computer running an operating system, data may be stored on the hard disk, held in memory for processing, or in transit over a network or the Internet. Evidence can be collected in any of these states; referring back to the diagram in figure 1, which state you collect your evidence from depends on many factors.
By Ken Johnson from INFOSEC
Simple Object Access Protocol, or SOAP, uses an XML structure for messages and typically communicates over HTTP. Web service protocols are a lightweight communication mechanism useful for API-driven connectivity and are often seen in use with mobile applications. To follow along with certain portions of the tutorial, you will need to install JRuby and the Buby, Savon, and Nokogiri gems, and to download (or purchase) a copy of PortSwigger’s Burp Suite. The idea here is to extend some of Burp’s capabilities to make attacking SOAP easier.
Atola Insight – More Than Just a Data Recovery Tool
By ATOLA Team
Atola Technology offers two hardware options for the DiskSense unit: USB and Ethernet. Both units offer features such as a serial port, a real-time current monitor, power control, a write-protection switch, a buzzer, and LED indicators. Atola Insight Ethernet has two ports to allow direct disk-to-disk duplication, transfers data at speeds up to 110 MB/sec, and connects to the Ethernet port of any PC or laptop. Atola Insight USB transfers data at speeds up to 38 MB/sec, connects easily to a USB port, and is also well suited to mobile use. Which of the Atola DiskSense units you choose is up to you.