Ethical Hacker Community Forums
January 09, 2009, 06:14:40 AM *
  Show Posts
Pages: [1] 2 3 4
1  Ethical Hacking Discussions and Related Certifications / Hardware / Re: USB Write Blocker on: December 11, 2008, 05:45:04 PM
We use the Digital Intelligence ones too. Helix, Raptor, and a couple of other forensics boot discs work very well too. You still have to be careful.

One other we use in case of emergency and as a last option is the USB write protect option in XP and Vista. You can configure this through Group Policies or the Registry. There is also software that will switch the setting on and off nicely. From what I understand, this method has been used a few times and was accepted in court.
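The registry-based write protect the post mentions can be set and, more importantly, checked from PowerShell. The script below is an added example, not code from the post or from EH-Net; it assumes the documented policy location `HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies` with a `WriteProtect` REG_DWORD, an elevated prompt, and that the policy applies to removable drives connected after the change. The function and parameter names are the example's own.

```powershell
# Added example (not from the post): set, read back and probe the Windows removable-storage
# write-protect policy. Assumption: policy lives at StorageDevicePolicies\WriteProtect (REG_DWORD),
# requires an elevated prompt, and applies to drives attached after the change.

$PolicyKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'

function Get-UsbWriteProtect {
    # $true only when the key exists and WriteProtect is exactly 1.
    if (-not (Test-Path $PolicyKey)) { return $false }
    $value = (Get-ItemProperty -Path $PolicyKey -Name WriteProtect -ErrorAction SilentlyContinue).WriteProtect
    return ($value -eq 1)
}

function Set-UsbWriteProtect {
    param([Parameter(Mandatory)][bool]$Enabled)
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    $desired = if ($Enabled) { 1 } else { 0 }
    New-ItemProperty -Path $PolicyKey -Name WriteProtect -PropertyType DWord -Value $desired -Force | Out-Null
    # Read the value back instead of trusting that the write landed.
    if ((Get-UsbWriteProtect) -ne $Enabled) { throw 'WriteProtect did not take the expected value' }
}

function Test-UsbWriteProtectEffective {
    # Try to create a file on a SCRATCH removable drive (never evidence media).
    # Returns $true when the OS refuses the write, i.e. the block is actually in force.
    param([Parameter(Mandatory)][string]$DriveLetter)   # e.g. 'E'
    $probe = Join-Path "${DriveLetter}:\" ('wb-probe-{0}.tmp' -f [guid]::NewGuid())
    try {
        [System.IO.File]::WriteAllText($probe, 'probe')
        Remove-Item $probe -Force
        return $false   # write succeeded: the block is NOT effective
    } catch [System.IO.IOException], [System.UnauthorizedAccessException] {
        return $true    # write refused: the block is effective
    }
}

# Usage: enable, then plug in a scratch drive and confirm it really is read-only.
Set-UsbWriteProtect -Enabled $true
Get-UsbWriteProtect
# Test-UsbWriteProtectEffective -DriveLetter 'E'
```

The probe function is the part worth keeping: a registry value only proves that the policy was written, not that the OS honours it for the drive in front of you, which is why a software blocker is checked on a scratch drive before it is trusted and why the post still recommends a hardware blocker as the first choice.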
2  Ethical Hacking Discussions and Related Certifications / Hardware / Re: Lenovo Introduces Remote Disable Feature for Laptops on: November 26, 2008, 04:51:40 PM
Hrmmm warzapping?

Ooooooh. I like it! Let it be so known henceforth!

Jason, I recommend you wikipedia the term immediately before someone else claims it.
3  Ethical Hacking Discussions and Related Certifications / Hardware / Re: Lenovo Introduces Remote Disable Feature for Laptops on: November 26, 2008, 08:40:03 AM
Ok, so what are we going to call the act of driving around with a modified cellular device and disabling people's laptops?
4  Ethical Hacking Discussions and Related Certifications / Programming / Re: Using Assembly to access locked files on: November 24, 2008, 01:34:14 PM
Hmm, dll injection may be an option.   I hadn't thought of that.   What I am trying to do is mainly copy certain files for offline analysis while the machine is running.   For example, I am trying to copy pagefile.sys and SYSTEM (registry).   I don't need to view or delete them from the default location.   

I can get these files by doing a complete live image, but that type of acquisition has other issues, like bit shifting and time requirements.
5  Ethical Hacking Discussions and Related Certifications / Programming / Re: Using Assembly to access locked files on: November 21, 2008, 04:30:53 PM
Thanks.   I suppose the trick would be to figure out how to translate the Windows file Handle to a memory address. 
6  Ethical Hacking Discussions and Related Certifications / Programming / Re: Using Assembly to access locked files on: November 21, 2008, 08:38:41 AM
Well, like I said, I am an Assembly n00b. Perhaps I phrased this wrong. I believe that Assembly doesn't use file handles for I/O operations. If I can access NTFS directly through Assembly, I may be able to bypass Windows file locking APIs. NTFS doesn't lock files, Windows does it through File Handles. Does this make more sense?
7  Ethical Hacking Discussions and Related Certifications / Programming / Using Assembly to access locked files on: November 20, 2008, 10:28:43 PM
Hey all,

Pardon my Assembly ignorance. I am wondering if you can use Assembly language to access files locked for exclusive access by Windows. For example, can I use Assembly to gain read access to Index.dat or the Swap File? I am not entirely sure how you go about doing this since Windows locks files based on their Handles. Since Assembly has lower level access, I am wondering if there are ways to circumvent file locks. Anyone have experience with this?

Numerous hex editors have circumvented file locks by reconstructing the file system on the fly. I wonder if there is an easier way.
8  Ethical Hacking Discussions and Related Certifications / Forensics / Re: Gaining experience... first steps on: November 18, 2008, 11:38:18 PM
Most of my clients are lawyers. They tend to favor established relationships and word of mouth advertising. From my experience, it's difficult to get your foot in the door. Once you are in, you are in until you screw up.

You also don't want to offer forensic services without proper experience to back it up.  Not only will you lack investigative skills and procedural knowledge, you will get killed on the stand.   Word gets around fast in the forensics community and you won't keep your job for long.
9  Ethical Hacking Discussions and Related Certifications / Forensics / Re: It's time to get that data back! on: November 18, 2008, 11:34:51 PM
Foremost is an awesome tool.  I really think its data carving ability beats most of the commercial tools.   

One thing you can try is a couple of inexpensive tools that do a search for lost partitions.   You may be lucky and be able to recreate the lost partition.  TestDisk is one such tool.   I have used it before with much success.   If you have access to EnCase or X-Ways Forensics, they both have some nice tools for recovering data.
10  Ethical Hacking Discussions and Related Certifications / Forensics / Re: Gaining experience... first steps on: November 18, 2008, 09:53:49 AM
I think that BillV is on to something there.   I always say that learning the technical aspect is quite easy.   However, investigative skills are tougher to teach.  If you can get attached to an experienced investigator, you will learn more than you can pick up from books and certifications.   The grunt work you would be doing is documentation, chain of custody, etc.  Learning proper procedures and documentation is extremely important.  It will save you on the stand someday.   

I think that if you want to get your foot in the door, you have to be prepared to relocate.   Most forensics jobs are in NYC and DC.   DC has most of the government jobs, NYC has most of the consulting companies.   There are other markets, but they are not as saturated.
11  Ethical Hacking Discussions and Related Certifications / Other / Re: Microsoft Hyper-V Server 2008 Released, Free on: November 18, 2008, 09:48:25 AM
I am actually using Hyper-V in production for a client. So far, so good. I have to say, I am impressed. Hyper-V was my second choice to the now free VMware ESXi, but ESXi is too limited in hardware support. Hyper-V performs quite nicely, especially on a 2008 core install. My only complaint so far is that it takes forever to install a guest OS.
12  Ethical Hacking Discussions and Related Certifications / Forensics / Re: Looking for advice on pursuing forensics.. on: November 17, 2008, 04:45:06 PM
I completely agree with ElCapitan, go for Fed employment. Secret Service is one option; FBI, Customs, IRS, etc., are others. A word of caution, you almost never get to be a forensics investigator from the start. You have to go to Quantico first. You then become a regular agent, eventually graduating to an investigator. You can then request to be transferred into a forensics squad. You will always remain an agent. In case something major happens, you will be recalled. You DO want to be an agent. Agents get a higher salary, better benefits, and first chance at juicy assignments. From what I have been told by ex-feds, agents look down on civilian employees.

Certifications are important.   For Federal Agents, the premier cert is CFCE, but it's only available to law enforcement.   For private sector, the cert of choice is CCE.   Interestingly enough, A+ certification still applies and is valued.   EnCE certification is also good.

I also agree that a BS degree is important.   Criminal justice, Information Security, Accounting degrees are highly sought after. 

If you live in a wealthy area, local police force may be an option.  Again, you are a cop first, then you become an investigator. 

Sounds like you are on the right track. Stay in school and finish your BS degree. Figure out what kind of investigation you want to concentrate on. If you like accounting, the IRS is a good agency. If you prefer criminal, FBI and Secret Service are great agencies. Once you pass basic training, it's not unreasonable for you to be making six figures within 5 to 7 years, depending on your level of ambition. After that, the paygrades level out. At this point, some Feds leave and enter the private sector. There are a few large forensics shops that snatch up Feds quickly. They are great for gaining consulting experience, but they do not typically pay well. Boutique shops pay better. You have to do your research to make sure the shop is stable. Beware of non-competes.

Anyway, those are my two cents. I am probably rambling too much. Who knows, maybe by the time you are done with school, EnCase 10.0 will have a single button, "Solve Case." The main point is that you have to become an investigator. Technical skills can be taught, but investigative skills are much more difficult to acquire.

13  Ethical Hacking Discussions and Related Certifications / Forensics / Re: Data Recovery on: November 17, 2008, 04:28:59 PM
Just out of curiosity, does the "low level format" concept still exist?   I haven't seen a BIOS offer that option in years.   

I don't think that you need to DoD wipe the drive. I don't think that anything more than 1 complete wipe pass is necessary. If you write zeros to every sector of the drive, traditional data recovery becomes almost impossible. The trick is to write zeros to EVERY sector of the drive.
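The post's point is that the wipe only counts if every sector was reached, which is something you can verify rather than assume. The script below is an added example, not code from the post or from EH-Net: it walks a wiped disk image sector by sector and reports any sector that is not all zeros, including a trailing partial sector. It is written against a disk image file; using it on a raw device path such as `\\.\PhysicalDrive1` is an assumption (elevated prompt, Windows only) that should hold because every read is a multiple of the sector size. The function names and the constructed demo image are the example's own.

```powershell
# Added example (not from the post): confirm that every sector of a wiped image reads back as zeros.
# Demonstrated on a disk image file; a raw device path like '\\.\PhysicalDrive1' is an assumption.

$script:Sha = [System.Security.Cryptography.SHA256]::Create()
$script:ZeroHashCache = @{}

function Get-ZeroSpanHash([int]$Length) {
    # SHA-256 of $Length zero bytes, cached because only a few lengths ever occur.
    if (-not $script:ZeroHashCache.ContainsKey($Length)) {
        $z = New-Object byte[] $Length
        $script:ZeroHashCache[$Length] = [BitConverter]::ToString($script:Sha.ComputeHash($z))
    }
    $script:ZeroHashCache[$Length]
}

function Test-SpanIsZero([byte[]]$Buffer, [int]$Offset, [int]$Length) {
    # A span is all zeros iff its hash matches the hash of an all-zero span of the same length;
    # hashing beats a byte-by-byte PowerShell loop by orders of magnitude on large images.
    [BitConverter]::ToString($script:Sha.ComputeHash($Buffer, $Offset, $Length)) -eq (Get-ZeroSpanHash $Length)
}

function Test-ZeroWipe {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$SectorSize   = 512,
        [int]$ChunkSectors = 2048              # 1 MiB per read, always sector aligned
    )
    $chunk  = New-Object byte[] ($SectorSize * $ChunkSectors)
    $stream = New-Object System.IO.FileStream($Path, [System.IO.FileMode]::Open,
                 [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
    $bytesRead = 0L; $dirty = 0; $firstDirty = -1L
    try {
        while (($n = $stream.Read($chunk, 0, $chunk.Length)) -gt 0) {
            # Fast path: the whole chunk is zero, the common case on a clean wipe.
            if (-not (Test-SpanIsZero $chunk 0 $n)) {
                # Slow path: find the offending sector(s); the last sector may be partial.
                for ($off = 0; $off -lt $n; $off += $SectorSize) {
                    $len = [Math]::Min($SectorSize, $n - $off)
                    if (-not (Test-SpanIsZero $chunk $off $len)) {
                        $dirty++
                        if ($firstDirty -lt 0) { $firstDirty = $bytesRead + $off }
                    }
                }
            }
            $bytesRead += $n
        }
    } finally { $stream.Dispose() }

    [pscustomobject]@{
        Path             = $Path
        BytesChecked     = $bytesRead
        NonZeroSectors   = $dirty
        FirstNonZeroByte = $firstDirty         # -1 when the whole image is zero
        FullyZeroed      = ($dirty -eq 0)
    }
}

# Constructed demo input (not real evidence): 4 MiB of zeros with one stray byte in the last sector.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'wipe-check-demo.img'
$fs = [System.IO.File]::Create($demo)
$fs.SetLength(4MB); $fs.Position = 4MB - 1; $fs.WriteByte(0xAA); $fs.Dispose()
Test-ZeroWipe -Path $demo | Format-List
Remove-Item $demo
```

Run it against the image taken after the single zero pass; a `FullyZeroed` of `$false` with a `FirstNonZeroByte` near the end of the device is the classic sign of a wipe tool that stopped short of the last sectors, which is exactly the case the post warns about. Reading the whole device once is also what lets a single pass be defended later: the verification log, not the number of passes, is the evidence that nothing was skipped.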
14  Ethical Hacking Discussions and Related Certifications / Certification / Re: EC-Council ECE System on: November 10, 2008, 03:50:56 PM
That works, thanks!   Looks like it's the link from the portal.eccouncil.org site that defaults to plain HTTP, not HTTPS.
15  Resources / Career Central / Re: Want some opinions to choose university on: November 10, 2008, 01:41:26 PM
How about something online?   Drexel and UMass both offer a good program in Information Security, at least they did last time I checked.
© 2009 The Ethical Hacker Network