Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presentation on Sumuri

Published byBlake Ryan Modified over 7 years ago

Similar presentations

Presentation on theme: "Presentation on Sumuri"— Presentation transcript:

1 Presentation on Sumuri
December 2016 Presentation 1

2 Hello & Welcome Tony Godfrey is the CEO / Linux Consultant of Falconer Technologies (est 2003) specializing in Linux. He has written several articles on the body of knowledge of security administration, is a regular contributor to a variety of Linux publications, and has written technical content for Linux education nation-wide at the college level. He also teaches topics covering Linux, Network Security, Cisco routers, Cybercrime and System Forensics. 2

3 Who is Sumuri? 3

4 Sumuri 4

5 Paladin - 64-bit (more tools) Edge - 32-bit (only disk imaging)
Software Recon – for Mac OSX Paladin - 64-bit (more tools) Edge - 32-bit (only disk imaging) Carbon – Virtual Forensics Site (coming soon) 5 5

6 Udemy 6

7 Udemy 7

8 There is a difference Sumuri is basing their Open Source on Ubuntu, so apt-get/etc works really well if you need something additional. Edge – is only for 32-bit, is a basic-working Ubuntu distro, and only has disk imaging as its main point. Paladin – is for 64-bit, full functioning Ubuntu distro, and 84 built-in forensics tools. 8

9 Basic Views 9

10 Basic Views 10

11 Basic Views 11

12 What’s in the box, Pandora?
12

13 What’s in the box, Pandora?
Antivirus Tools ClamAV Carving Tools Bulk Extractor, Foremost, Photorec, Scalpel, Testdisk Database Tools SQLite database browser 13

14 What’s in the box, Pandora?
Development Tools Active Python, Eric python IDE Excryption Tools FileVaultInfo, FileVaultMount, VeraCrypt File Differential Tools KDiff3, VBinDiff 14

15 What’s in the box, Pandora?
Forensic Suite Autopsy3, DFF DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Programming Interface (API). dff -h dff-gui 15

16 What’s in the box, Pandora?
Hardware Analysis Hardinfo / hardinfo -r / hardinfo -r > pcinfo.txt Hashing Tools HashCash, MD5Deep, Quickhash Hex Editor Bless Hex Editor, GHex 16

17 What’s in the box, Pandora?
Internet Analysis Pasco An Internet Explorer activity forensic analysis tool. ./pasco index.dat > index.txt Log Analysis WindowsEventLogExport, WindowsEventLogInfo WindowsXMLEventLogExport,WindowsXMLEventLogInf o 17

18 What’s in the box, Pandora?
Mail Analysis EML Viewer, Readdbx, Readoe, ReadPST Malware Analysis YARA YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. 18

19 What’s in the box, Pandora?
Memory Analysis Inception Inception is a physical memory manipulation and hacking tool exploiting PCI-based DMA. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces 19

20 What’s in the box, Pandora?
Memory Analysis Rekall Console Rekall is the most complete Memory Analysis framework. Rekall provides an end-to-end solution to incident responders and forensic analysts Rekall Web Console 20

21 What’s in the box, Pandora?
Messenger Forensics Skype Extractor - offers a direct way to view conversations by listed contacts with timestamps and chat details Metadata Analysis Exif Tool (pictures), try  exiftool –h exiftool <x>.jpg LinkEditor - Rifiuti 21

22 What’s in the box, Pandora?
Mobile Device Analysis iDeviceBackup, iDeviceBackup2, iDeviceDate, iDevice_ID, iDeviceInfo, iDeviceName Ipddump, iPhone Analyzer Network Analysis Wireshark 22

23 What’s in the box, Pandora?
Password Discovery JTR Password Cracker, Ophcrack Plist Analysis Reporting Tools RecordMyDesktop 23

24 What’s in the box, Pandora?
Social Media Analysis Creepy Allows users to gather already published and made publicly available geolocation information from a number of social networking platforms and image hosting services 24

25 What’s in the box, Pandora?
Stegnography Tools Outguess Timeline Analysis log2timeline Virtual Machines QtEmu, VirtualBox Windows Registry Fred, RegRipper 25

26 Say it ain’t so….Maresware Tools, anyone?
You mean….there’s more? Say it ain’t so….Maresware Tools, anyone? 26

27 Maresware Tools (http://www.dmares.com/)
Bates_No, Copy_Ads, Date_Conv, Decimal_to_ip DiskCat, EML Process, Hash64, HashCmp, HaskDup Mak_HTML, MD5, MD5 Verify, Mdir, RMS, Search String SSN Valid, Total, UpCopy, URL Search, Verticle VSS, X-Ways Meta Processing Maresware Tools ( Bates_No which helps attorneys(or anyone using the Bates numbering system) to identify e- documents Copy_Ads will identify Alternate Data Stream files located on an NTFS partition. Date_Conv used to convert the long value of a date (ie ) to a traditional month day year, date format Decimal_to_ip convert a file containing decimal IP values to the traditional octet IP value DiskCat creates a listing (catalog) of all files and/or directories on a hard or floppy disk EML Process parses the header information identifying key header fields Hash64 HashCmp HaskDup Mak_HTML will take a path/tree/folder as a starting location and create an output html file MD5 quickly calculate the MD5 hash value of a file MD5 Verify Mdir RMS Search String search fields in a record for the occurrence of specified search keys SSN Valid input an SSN and verify if it is a legitimately issued number Total total fields in succeeding records which have the same sort key; total an entire file on one field; count occurrences of records containing the same sort key; total a common field throughout the entire file UpCopy copy entire paths (drives) from one location to another while maintaining tree structure and file attributes URL Search search files and produce a fixed length output record which contains the filename, location in the file, surrounding text, and the item itself Verticle VSS designed to allow you to mount as a drive letter X-Ways Meta Processing 27

28 Presentation on Sumuri
28

29 'Release your inner Penguin'
Contact Info (216) 282-4TUX / (216) 'Release your inner Penguin' 29

30 Thanks! 30

Download ppt "Presentation on Sumuri"

Similar presentations

Intro to WinHex CSC 414.

Intro to WinHex CSC 414.
HTML5 ETDs Edward A. Fox, Sung Hee Park, Nicholas Lynberg, Jesse Racer, Phil McElmurray Digital Library Research Laboratory Virginia Tech ETD 2010, June.

HTML5 ETDs Edward A. Fox, Sung Hee Park, Nicholas Lynberg, Jesse Racer, Phil McElmurray Digital Library Research Laboratory Virginia Tech ETD 2010, June.
Effective Discovery Techniques In Computer Crime Cases.

Effective Discovery Techniques In Computer Crime Cases.
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.

An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
Introduction to HTML 2006 INT197B. What is the Internet? Global network of computers that are connected and communicate via a series of Protocols Protocols.

Introduction to HTML 2006 INT197B. What is the Internet? Global network of computers that are connected and communicate via a series of Protocols Protocols.
Information Networking Security and Assurance Lab National Chung Cheng University F.I.R.E. Forensics & Incident Response Environment.

Information Networking Security and Assurance Lab National Chung Cheng University F.I.R.E. Forensics & Incident Response Environment.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
2004, Jei F.I.R.E. Forensics & Incident Response Environment Information Networking Security and Assurance Lab National Chung Cheng University.

2004, Jei F.I.R.E. Forensics & Incident Response Environment Information Networking Security and Assurance Lab National Chung Cheng University.
CS 0008 Day 2 1. Today Hardware and Software How computers store data How a program works Operators, types, input Print function Running the debugger.

CS 0008 Day 2 1. Today Hardware and Software How computers store data How a program works Operators, types, input Print function Running the debugger.
Linux Operations and Administration

Linux Operations and Administration
Forensic analysis of Windows hosts using UNIX-based tools Source : Digital Investigation (2004) 1, 197-212 Writer : Cory Altheide Reporter : Yao Professor.

Forensic analysis of Windows hosts using UNIX-based tools Source : Digital Investigation (2004) 1, Writer : Cory Altheide Reporter : Yao Professor.
Linux Operations and Administration

Linux Operations and Administration
Chapter 4 Operating Systems and File Management. 4 Chapter 4: Operating Systems and File Management 2 Chapter Contents  Section A: Operating System Basics.

Chapter 4 Operating Systems and File Management. 4 Chapter 4: Operating Systems and File Management 2 Chapter Contents  Section A: Operating System Basics.
Computer Systems 2010-2011 Week 10: File Organisation Alma Whitfield.

Computer Systems Week 10: File Organisation Alma Whitfield.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
Analyzing an Image using MAC Systems Sleuth kit version 3.2.0 & Autopsy 2.24 Page 325 from “Guide to Computer Forensics and Investigations 4th edition”

Analyzing an Image using MAC Systems Sleuth kit version & Autopsy 2.24 Page 325 from “Guide to Computer Forensics and Investigations 4th edition”
Software All parts of the computer people can NOT touch, such as programs, files, documents and any other data.

Software All parts of the computer people can NOT touch, such as programs, files, documents and any other data.
Guide to Linux Installation and Administration, 2e1 Chapter 3 Installing Linux.

Guide to Linux Installation and Administration, 2e1 Chapter 3 Installing Linux.
Mastering Windows Network Forensics and Investigation Chapter 12: Windows Event Logs.

Mastering Windows Network Forensics and Investigation Chapter 12: Windows Event Logs.
4 1 Operating System Activities  An operating system is a type of system software that acts as the master controller for all activities that take place.

4 1 Operating System Activities  An operating system is a type of system software that acts as the master controller for all activities that take place.

Similar presentations

Ads by Google