Downloads & Supplies

mac2022-06-30  19

This course contains optional, ungraded activities that provide opportunities to work with and become familiar with forensic tools and activities. To complete these, you will need some basic supplies and to download programs and files. There is no charge for any of these downloads.

Supplies

USB Drive

For some activities, you will need a USB drive with at least three files of any format on it. You can use any size drive, but using one that is one GB or less will keep the imaging process from being too long. To make this activity realistic, do not use a brand new drive. Instead use one that you have loaded and deleted files from over time.

Blank CD

If your machine has a CD drive, you may want to burn a Helix2009R1 CD.

Downloads

Many activities require using forensic software. Some require data files that you will analyze with the software. All are available for free.

This table lists all of these downloads and the units where they are used. Links and instructions are also included in the activities for each unit.

Unless otherwise noted, these downloads are all for Windows.

 

| Download | URL | Description | Units |
| --- | --- | --- | --- |
| FTK Imager lite | http://accessdata.com/product-download | Hard drive imaging software | 1, 7 |
| HashCalc | www.slavasoft.com/hashcalc/ | Hash calculator | 1 |
| SIFT Workstation 3 | https://digital-forensics.sans.org/community/downloads | A virtual Linux machine for Windows that includes an incident response and forensic tool suite | 2, 3, 4, 5 |
| Linux Financial Case.001 | Download from edX | A file with data for analysis. After downloading and extracting the zip file, generate and confirm its hash value. MD5 = 7b39de0ca146c89ad73d1d421c8f7a05, SHA1 = c7b06f006ff79711e692bd2620aba4cc2a4426d2 | 3 |
| Autopsy | https://www.sleuthkit.org/autopsy/download.php | A digital forensics platform and graphical interface to The Sleuth Kit | 4, 7 |
| Volatility (also available for Mac) | http://www.volatilityfoundation.org/releases | Memory analysis tool | 5 |
| Malware Analyst’s Cookbook DVD | https://www.sendspace.com/pro/dl/p87m18 | Disk image file | 5 |
| Helix2009R1 | http://e-fense.com/products.php. Click Helix 3 at the end of the sentence "If you are looking for the free, original Helix (2009R1) you need Helix 3". Enter your information for the free download. Confirm the MD5 hash value: 3ac2ca7d8d1dcc494ef5124c1cf37f7c. Right-click Helix2009R1.iso, and burn a CD. | Disk image file | 5 |
| AccessData’s Registry Viewer | http://accessdata.com/product-download/registry-viewer-1.8.1.3 | Allows viewing of Windows registry files | 6 |
| Hive files SAM, SYSTEM and Mark-NTUSER.DAT | Download from edX | Data files for analysis | 6 |
| WinLabEnCase.E01 | Download from edX | Data files for analysis | 7 |
| Invisible Secrets | http://www.invisiblesecrets.com/ver2/index.html | Cryptographic tool | 8 |
| OpenStego | https://www.openstego.com/ | Data hiding and watermarking tool | 8 |

Reposted from: https://www.cnblogs.com/sec875/articles/10013087.html
