Presentation on Sumuri


1 Presentation on Sumuri
December 2016

2 Hello & Welcome
Tony Godfrey is the CEO / Linux Consultant of Falconer Technologies (est. 2003), specializing in Linux. He has written several articles on the body of knowledge of security administration, is a regular contributor to a variety of Linux publications, and has written technical content for Linux education nationwide at the college level. He also teaches topics covering Linux, Network Security, Cisco routers, Cybercrime and System Forensics.

3 Who is Sumuri?

4 Sumuri

5 Software
Recon – for Mac OS X
Paladin – 64-bit (more tools)
Edge – 32-bit (only disk imaging)
Carbon – Virtual Forensics Site (coming soon)

6 Udemy

7 Udemy

8 There is a difference
Sumuri bases its open-source distributions on Ubuntu, so apt-get etc. work well if you need something additional.
Edge – 32-bit only, a basic working Ubuntu distro whose main purpose is disk imaging.
Paladin – 64-bit, a fully functioning Ubuntu distro with 84 built-in forensics tools.

9 Basic Views

10 Basic Views

11 Basic Views

12 What’s in the box, Pandora?

13 What’s in the box, Pandora?
Antivirus Tools: ClamAV
Carving Tools: Bulk Extractor, Foremost, PhotoRec, Scalpel, TestDisk
Database Tools: SQLite database browser

14 What’s in the box, Pandora?
Development Tools: ActivePython, Eric Python IDE
Encryption Tools: FileVaultInfo, FileVaultMount, VeraCrypt
File Differential Tools: KDiff3, VBinDiff

15 What’s in the box, Pandora?
Forensic Suite: Autopsy3, DFF
DFF (Digital Forensics Framework) is a free and open-source computer forensics tool built on top of a dedicated Application Programming Interface (API).
dff -h
dff-gui

16 What’s in the box, Pandora?
Hardware Analysis: Hardinfo
hardinfo -r
hardinfo -r > pcinfo.txt
Hashing Tools: HashCash, MD5Deep, Quickhash
Hex Editor: Bless Hex Editor, GHex

17 What’s in the box, Pandora?
Internet Analysis: Pasco, an Internet Explorer activity forensic analysis tool.
./pasco index.dat > index.txt
Log Analysis: WindowsEventLogExport, WindowsEventLogInfo, WindowsXMLEventLogExport, WindowsXMLEventLogInfo

18 What’s in the box, Pandora?
Mail Analysis: EML Viewer, Readdbx, Readoe, ReadPST
Malware Analysis: YARA
YARA is a tool aimed at (but not limited to) helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns.

19 What’s in the box, Pandora?
Memory Analysis: Inception
Inception is a physical memory manipulation and hacking tool exploiting PCI-based DMA. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces.

20 What’s in the box, Pandora?
Memory Analysis: Rekall Console, Rekall Web Console
Rekall is the most complete memory analysis framework. Rekall provides an end-to-end solution to incident responders and forensic analysts.

21 What’s in the box, Pandora?
Messenger Forensics: Skype Extractor – offers a direct way to view conversations by listed contacts, with timestamps and chat details
Metadata Analysis: ExifTool (pictures); try
exiftool -h
exiftool <x>.jpg
LinkEditor, Rifiuti

22 What’s in the box, Pandora?
Mobile Device Analysis: iDeviceBackup, iDeviceBackup2, iDeviceDate, iDevice_ID, iDeviceInfo, iDeviceName, Ipddump, iPhone Analyzer
Network Analysis: Wireshark

23 What’s in the box, Pandora?
Password Discovery: JTR Password Cracker, Ophcrack
Plist Analysis
Reporting Tools: RecordMyDesktop

24 What’s in the box, Pandora?
Social Media Analysis: Creepy
Allows users to gather already published and publicly available geolocation information from a number of social networking platforms and image hosting services.

25 What’s in the box, Pandora?
Steganography Tools: Outguess
Timeline Analysis: log2timeline
Virtual Machines: QtEmu, VirtualBox
Windows Registry: Fred, RegRipper

26 You mean… there’s more?
Say it ain’t so… Maresware Tools, anyone?

27 Maresware Tools (http://www.dmares.com/)
Bates_No – helps attorneys (or anyone using the Bates numbering system) to identify e-documents
Copy_Ads – identifies Alternate Data Stream files located on an NTFS partition
Date_Conv – converts the long value of a date (i.e. ) to a traditional month/day/year date format
Decimal_to_ip – converts a file containing decimal IP values to the traditional octet IP value
DiskCat – creates a listing (catalog) of all files and/or directories on a hard or floppy disk
EML Process – parses the header information, identifying key header fields
Hash64
HashCmp
HaskDup
Mak_HTML – takes a path/tree/folder as a starting location and creates an output HTML file
MD5 – quickly calculates the MD5 hash value of a file
MD5 Verify
Mdir
RMS
Search String – searches fields in a record for the occurrence of specified search keys
SSN Valid – input an SSN and verify whether it is a legitimately issued number
Total – totals fields in succeeding records which have the same sort key; totals an entire file on one field; counts occurrences of records containing the same sort key; totals a common field throughout the entire file
UpCopy – copies entire paths (drives) from one location to another while maintaining tree structure and file attributes
URL Search – searches files and produces a fixed-length output record which contains the filename, location in the file, surrounding text, and the item itself
Verticle
VSS – designed to allow you to mount as a drive letter
X-Ways Meta Processing

28 Presentation on Sumuri

29 Contact Info
(216) 282-4TUX / (216)
'Release your inner Penguin'

30 Thanks!

