Linux-Tip Europe
Forensic investigation using free Linux tools

Saturday, 06 December 2008

Page 2


Step 4: Preparing the MySQL server

Make sure that your MySQL server is running, using the following commands:

/etc/init.d/mysqld status
/etc/init.d/mysqld start

It's time to use the phpMyAdmin tool installed in step one. It handles the administration of MySQL through a web interface: you can create and drop databases, create/drop/alter tables, add/edit/delete fields, execute arbitrary SQL statements, manage users and permissions, and manage keys on fields.
To begin with we only need it to set (change) the root password. Point your browser at the following URL:

http://localhost/phpmyadmin

Log in as root with a blank password. A fresh MySQL installation has no root password at all, so do this before anything else and before the server is reachable from any other machine; an evidence server whose database root has no password is hard to defend when the integrity of the evidence is questioned. Change the root password and double-check it from the console. You should be able to log in with the credentials you have just set using the following command:

mysql -u root -p

You should now be able to finish the installation process in step 3 using the root password you have just created.
Remark: Use "localhost" for Host! "127.0.0.1" did not work for some reason. The most likely cause is that MySQL treats 'root'@'localhost' (connections over the Unix socket) and 'root'@'127.0.0.1' (connections over TCP) as two separate accounts with their own passwords, and may also have TCP connections disabled with skip-networking; only the account you actually changed the password for will accept the new password.




Step 5: Acquire digital evidence

Creating a bit-stream image of the disk (a disk-to-image file) is the standard way to acquire storage media. The original is read once and then left alone; the investigator can make as many working copies of the image file as needed, and each copy can be checked against the hash taken of the original. In our case the investigator will image a running Windows system using the Helix Live-CD.

It is not necessary to boot from the live CD. Helix provides a tool you can run directly from the CD under Windows. We'll use netcat to send the image to the PTK-Mandriva 2009 server over the network. Open helix.exe in Windows Explorer and start the acquisition tool as shown in the picture below. Be aware that imaging a live system changes it: running helix.exe leaves traces on the suspect machine (for example in the Windows prefetch directory and the registry), and the disk keeps changing while it is being read, so the result is not a bit-for-bit copy of a frozen disk. Note the time, the tool and exactly what you ran in your case log.

To receive the data, open a console on the Mandriva server and start the listener before starting the sender:

netcat -l -p 9000 > /home/ptk/images/casefile.dd

Netcat will listen on port 9000 and store everything it receives in the file casefile.dd. Netcat neither authenticates the sender nor encrypts the data, and the first client that connects gets the port, so run the transfer over a crossover cable or an isolated acquisition network rather than the organisation's LAN. The -l -p form is the syntax of traditional/GNU netcat; OpenBSD netcat does not combine -p with -l and takes the port directly after -l. When the transfer ends, compare the size of casefile.dd with the size the acquisition tool reports, hash the file, and compare the hash with the one computed on the source side. Record both hashes in the case documentation; they are what lets you show later that the image you analysed is the one you acquired.
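The receiving side of this step, carried through with the integrity checks the one-line netcat command leaves out, as an added example that is not part of the original article and not code from Helix or PTK. It assumes the same directory (/home/ptk/images) and port (9000) as the article and traditional/GNU netcat syntax; the md5/sha256 sidecar file names and the receive/verify subcommands are my own choices. The receive mode needs netcat and a sender and is not exercised offline; the hashing, sealing and verification functions work on any file.

```shell
#!/bin/sh
# Added example (not from the article): receive a raw disk image over netcat,
# then hash it, make it read-only and verify it against the sender's digest.
set -eu

CASE_DIR="${CASE_DIR:-/home/ptk/images}"   # assumed; same path as on this page
PORT="${PORT:-9000}"                       # assumed; same port as on this page

# Listen once on $PORT and write everything received into the image file $1.
# Uses traditional/GNU netcat syntax (-l -p); OpenBSD netcat takes the port after -l.
receive_image() {
    image="$1"
    umask 077                       # image readable only by the acquiring account
    netcat -l -p "$PORT" > "$image"
    ls -l "$image"                  # compare the size with what the acquisition tool reports
}

# Print the hex digest of $2 computed with the coreutils tool $1 (md5sum, sha1sum, sha256sum).
hash_image() {
    tool="$1"; image="$2"
    "$tool" "$image" | cut -d' ' -f1
}

# Hash the image with MD5 and SHA-256 into sidecar files, then make all three read-only.
seal_image() {
    image="$1"
    md5sum "$image" > "$image.md5"
    sha256sum "$image" > "$image.sha256"
    chmod 0444 "$image" "$image.md5" "$image.sha256"
}

# Return 0 if the image matches the digest $3 the sender (or an earlier seal) reported, else 1.
verify_image() {
    tool="$1"; image="$2"; expected="$3"
    actual=$(hash_image "$tool" "$image")
    if [ "$actual" = "$expected" ]; then
        echo "OK   $image ($tool) $actual"
        return 0
    fi
    echo "FAIL $image ($tool) got $actual, expected $expected" >&2
    return 1
}

# Usage: ./acquire.sh receive casefile.dd
#        ./acquire.sh verify sha256sum casefile.dd <digest reported by the sender>
case "${1:-}" in
    receive) mkdir -p "$CASE_DIR"; receive_image "$CASE_DIR/$2"; seal_image "$CASE_DIR/$2" ;;
    verify)  verify_image "$2" "$CASE_DIR/$3" "$4" ;;
    *) ;;
esac
```

The sidecar files and the read-only mode do not make the image tamper-proof (root can still change it), but they stop accidental modification during analysis and give you a recorded digest to compare against the one written down at acquisition time.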




Step 6: Investigating the case

Use PTK to analyse the image. You will find a "first steps" tutorial here:

http://ptk.dflabs.com/tutorial_first_step.html

If you need additional help see here:

http://sourceforge.net/forum/?group_id=222104


See additional screenshots here:

http://ptk.dflabs.com/screenshot.html
