Tuesday, July 03, 2007
CERT has a good forensics page
Home and small business users may want to take the time to explore the Forensics link at the CERT website of Carnegie Melon University in Pittsburgh. The link is http://www.cert.org/forensics/
One of the major forensic tools is called “Live View” which uses visualization technology to look a disk images on physical drives. Live View has a Limited Edition version available only to law enforcement agencies. There is much discussion of the “Virtual Machine” which is a concept that IBM uses in the mainframe world to describe a facility to switch among different operating systems (but in the 1980s it was used as kind of operating system itself, making a 4300 style mainframe behave like a DOS PC from the point of view of the user).
There are two large PDF files on basic and advanced forensics, and these have a lot of discussion of the technical details of file systems on hard drives in various operating systems. These PDF files are set up in such a manner that they cannot be saved as such on the user’s computer, only as text files.
Forensics is an important topic, because it is critical in preventing individuals from being framed for crimes committed by hackers, certainly a John Grisham novel like concern that could become more common in real life. Some more detailed technical knowledge can help the user become more prudent in his or her own best practices.
Hardware forensics would become important in a situation where a person's computer had actually been used (tracked by IP address) in order to prove that the computer had previously been "hacked."