
Forensics Software


14 replies to this topic

#1 zacwhite15

zacwhite15

    the 0ne

  • Members
  • 1 posts
  • Gender:Male
  • Location:SL, UT

Posted 18 November 2010 - 02:51 AM

hey guys i need some suggestions for a nice suite of forensic software. i am not a noob when it comes to hacking, etc. i need something that can recover information off of any filesystem format, biggest ones are HFS, NTFS, and *nix filesystems. i'm not doing anything illegal if that's what you're asking. i was approached by a friend who suspects her hubby of cheating and she wants me to do a little snooping on the system. only prob is he is a fairly smart guy so i need to be able to get in, recover files, etc and get out without leaving a trace. so any suggestions would be greatly appreciated :)

#2 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 19 November 2010 - 02:25 PM

i am not too familiar with forensic software, but there was a thread on here a few months ago discussing some, can't remember the names of them...

but i think that you may be mistaken about your claim of not doing anything illegal... sounds to me that you would be breaking electronic surveillance and wiretapping laws by doing what you intend to do...

#3 Lord Wud

Lord Wud

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 423 posts
  • Location:New Jersey

Posted 19 November 2010 - 03:32 PM


look into dd. it will let you make bit by bit copies of a drive. So you could boot up a different way, copy the whole drive, then do your forensics in a different location without having to worry about him noticing.

for free and easy point and click file recovery on Windows, Recuva is pretty good.


Edit: Conscience kicking in: Tell her that if she does this she should probably just end her marriage now. Even if you don't find anything, this proves she does not trust him and they should not be married.

Edited by Lord Wud, 19 November 2010 - 03:34 PM.


#4 Lord Wud

Lord Wud

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 423 posts
  • Location:New Jersey

Posted 19 November 2010 - 03:38 PM

If they're married it is just as much her computer as it is his. As the owner of the computer she is allowed full access to anything on it. She could also install a key-logger if she wanted. It is important to keep that in mind when using computers owned by other people or organizations.

#5 tekio

tekio

    5(R1P7 |<1DD13

  • Binrev Financier
  • 1,082 posts
  • Gender:Male
  • Location:The Blue Nowhere

Posted 19 November 2010 - 04:09 PM

I'm just guessing, but I think a key logger is where you want to look. People usually communicate with chat apps (IM), email, and on social web-sites. I don't think he'd type up a love note in Word or Notepad and save it to the disk. Perhaps a phone number or address saved, but that's probably about it.

Edited by tekio, 19 November 2010 - 04:29 PM.


#6 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 19 November 2010 - 10:39 PM


i am going to have to disagree with this one.. ownership of the hardware does not constitute the right to snoop on personal data.. just because i use someone's phone that they own does not give them the right to record my telephone conversations without my consent... and the same would be true for any data that i stored or transmitted on a shared computer..

#7 Lord Wud

Lord Wud

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 423 posts
  • Location:New Jersey

Posted 23 November 2010 - 09:46 AM



Voice recordings are a different ballgame, and a poor analogy. It would be more like if you wrote something in someone's notepad, and erased it. Then they came by and figured out what you wrote. Some places may consider intercepting network traffic as wiretapping, but I don't think any (at least in the US) have laws against hard-drive analysis on your own computer. Do you have any examples of someone getting in trouble for this?

#8 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 24 November 2010 - 05:51 PM




wiretapping is a good analogy, because for the most part electronic surveillance either falls under, or is prosecuted under wiretapping laws.... because the computer is shared by the husband and wife, it is community property, not the sole property of either party, so if one of them has data that is secured within that system, then breaking the encryption would have the potential to be illegal IMO...

if you want a better analogy, perhaps i can give you one.. if something is stored in a safe within the house, that only the husband has the combination to, then the wife gets a locksmith to break open the safe to obtain the items from within the safe...

while it is not likely that prosecution would occur in either my analogy, or the data recovery of the shared PC, but it is not something that i would personally get involved in as a third party...

#9 chugamug2310

chugamug2310

    Will I break 10 posts?

  • Members
  • 9 posts
  • Gender:Male

Posted 29 November 2010 - 07:58 PM

the only forensics tool i can think of would be COFEE which was leaked on file sharing sites about a year ago, i haven't seen it in a while but as they say you can find anything on the internet...

#10 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 399 posts
  • Gender:Male
  • Location:way up north eh

Posted 30 November 2010 - 06:19 PM

For NTFS: Stellar Phoenix, R-Studio, GetDataBack for NTFS

PhotoRec supports all sorts of file systems (FAT, NTFS, HFS, HFS+, ext etc..), but it won't recover all file types.

lately i've been using R-Studio... R-Studio has a hash function where it will calculate the hash of each recovered file. This is good for doing actual forensics to show the chain of evidence was not compromised

#11 resistor X

resistor X

    Mack Daddy 31337

  • Members
  • 214 posts
  • Gender:Not Telling
  • Location:Linux Heaven

Posted 30 November 2010 - 08:15 PM

There are 2 I recall the names of, M$ COFE (COFEE) and also EnCase. I had both but now only have EnCase. It's very good although I'm no expert in forensics.

#12 Lord Wud

Lord Wud

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 423 posts
  • Location:New Jersey

Posted 02 December 2010 - 04:19 PM





I don't think the safe bit would be illegal. If they're married she owns it, and people are allowed to hire a locksmith to break into their own safe.


In any case, a good place for info on forensics stuff is myharddrivedied.com. It focuses mostly on data recovery, but it's a lot of the same stuff.

#13 livinded

livinded

    Dangerous free thinker

  • Agents of the Revolution
  • 1,942 posts
  • Location:~/

Posted 08 December 2010 - 02:42 PM

Check out Sleuthkit, it's the best you're gonna get for free.

#14 eldiablo

eldiablo

    DDP Fan club member

  • Members
  • 52 posts

Posted 10 December 2010 - 02:30 PM

CAINE (Computer Aided INvestigative Environment) is a good Linux live CD for forensics. It is an entire suite and has a lot of great tools.

http://www.caine-live.net/

#15 phaedrus

phaedrus

    Gibson Hacker

  • Members
  • 90 posts
  • Gender:Male

Posted 12 December 2010 - 06:35 AM

The professionals take a bit copy of the partitions, take that away and work on that. It is a point of forensics that the original cannot be touched because it may have to be produced in court.

Take the PC, put the drive in something else, copy it and put it back in the original machine. It won't even know it has been booted up, let alone have left a trace.

You want to stop this happening to you? Encrypt your partitions.



