Rapid Evidence Acquisition Project for Event Reconstruction
Project: Rapid Evidence Acquisition Project for Event Reconstruction (REAPER)
Purpose: To fully automate the acquisition, processing and analysis phases of a digital investigation.
Status: Not active (superseded by the ATOM project)
License: GNU GPLv3
Developer(s): Joshua James
More information:
A proof of concept has been created, but has not been maintained. The source is available via the REAPER Forensics project at Sourceforge.
REAPERlive is a bootable USB/Firewire drive that acquires a suspect system (using the suspect’s hardware) to the external USB/Firewire drive. The acquired image is then processed with the Open Computer Forensics Architecture.
REAPER Desktop is a bootable Debian Live CD that automatically creates the REAPERlive USB/Firewire drive.
The functionality of REAPERlive has been incorporated into the easily-configurable ATOM framework.
Links:
<ul><li>Presentation in Sleuthkit and Open Source Digital Forensics Conference 2011</li><ul><li>http://www.basistech.com/about-us/events/open-source-forensics-conference/2011/presentations/</li></ul><li>UCD REAPER project page</li><li>REAPER Forensics Sourceforge project page</li></ul>
Digital Forensics Summer School
- Computer forensic processes
- Case management topics and solutions
- Building low-cost hardware solutions
- Suspect system triage using open source tools
- Preliminary analysis using open source tools
- Full forensic analysis using open source tools
- Open source forensic frameworks
- Backup strategies and solutions for digital investigation labs
- Using processing clusters for forensic tasks
- Tool validation
- Forensic reporting
ICDF2C 2012
The 4th International Conference on Digital Forensics and Cyber Crime (ICDF2C), hosted at Purdue University, will be held from October 24-26, 2012.
Website: http://d-forensics.org
Paper submission is the 1st of June 2012.
[Update]
Submission deadline: 6th July 2012
<div class="p1">Notification of Acceptance: 1st August 2012</div><div class="p1">Camera Ready: 1st September 2012</div><div class="p1">Conference Date: 24th and 26th October 2012 </div>
The following topics highlight the conference’s theme (from the conference page):
<ul><li>Business Applications of Digital Forensics</li><ul><li>e-Discovery</li><li>Civil Litigation Support</li><li>Incident Response</li><li>Cyber Crime Investigations</li><li>Online Fraud</li><li>Money Laundering</li><li>Hacking</li><li>Malware & Botnets</li><li>Sexual Abuse of Children on Internet</li><li>Software & Media Piracy</li></ul><li>Digital Forensics Techniques and Tools</li><li>Digital Forensics Process & Procedures</li><li>Cybercrime Investigation Management</li><li>Theoretical Foundations of Digital Forensics</li><li>Digital Forensics & Law</li><li>Mobile / Handheld Device & Multimedia Forensics</li><li>Digital Forensics Standardization & Accreditation</li><li>Cyber Criminal Psychology and Profiling</li><li>Cyber Culture & Cyber Terrorism</li><li>Information Warfare & Critical Infrastructure Protection</li></ul>
International Symposium on Cybercrime Response 2012
[Update]: This years ISCR is over - see my thoughts.
The International Symposium on Cybercrime Response (ISCR) is an annual conference held in Seoul, South Korea, and is organized by the Korean National Police (KNP) Cyber Terror Response Center (CTRC).
ISCR 2012 will be (tentatively) held at the end of June with the theme of “Cyber Threats Challenging National Security”.
About Cybercrime Technologies
Welcome to Cybercrime Technologies. This blog is devoted to research and development in the area of Cybercrime and Digital Forensic Investigations. It will be a mix of practical how-to’s on a range of topics, and a place to keep up on current research.
Contributing Authors:
<ul><li>Dr. Joshua I. James - lecturer and digital forensic investigation researcher with the Digital Forensic Investigation Research Group, and lecturer with the SoonChunHyang University Graduate School of Forensic Science.</li></ul>
If you are interested in becoming a contributing author, please contact us.
Please see our development philosophy and goals.
Please also see our Privacy Policy.
Installing OCFA 2.3.X with FIVES
In this single we will be installing OCFA 2.3.0 rc4 on Debian Squeeze (6)
I will be following the documentation from: http://sourceforge.net/apps/trac/ocfa/wiki/2.3%20installation%20notes
make sure you do not have sleuthkit installed
see the note at the bottom for the FIVES suggested packages - i installed everything but sleuthkit
aptitude install build-essential cmake libfuse-dev fuse-utils libsqlite3-dev openssl libboost-dev libboost-regex-dev libpoco-dev scalpel pasco
wget http://sourceforge.net/projects/ocfa/files/ocfa/2.3.0/ocfa-2.3.0rc4gpl.tar.bz2
tar -xvf ocfa-2.3.0rc4gpl.tar.bz2
I had better luck with libcarvpath from sourceforge than from the OCFA dl (problem finding sqlite.h)
wget http://sourceforge.net/projects/carvpath/files/LibCarvPath/libcarvpath2.3.0.tgz
tar -xvf libcarvpath2.3.0.tgz
cmake src, make, sudo make install
The carvfs that came with OCFA built without any issues
cd ocfa-2.3.x/carvfs
cmake src, make, sudo make install
Got an error on libcarvpathrepository with ocfa - would not build. Looking for libboost (libboost-dev)
make, sudo make install
I am interested in working with the FIVES project, so I am installing libpoco-dev.
That is pretty much it for the new version notes. Now we go to the excellent Installation guide. I will be listing packages and how to build, but details that work in the document I wont cover. Make sure you have that as well.
aptitude install libpq5 libpq-perl singlegresql
aptitude install autoconf automake autotools-dev g++ libace-dev libboost-dev libssl-dev libtool libpq-dev libxerces-c2-dev libxerces-c28 autogen valgrind
aptitude install apache2 libcgicc5 libcgicc5-dev libclucene-dev
aptitude install uuid-dev libdb-dev libmagic-dev samba antiword exiftags p7zip-full libspreadsheet-parseexcel-perl libmail-mboxparser-perl libmail-box-perl libxml-dom-xpath-perl python-dev libcv-dev libhighgui-dev xpdf-utils
wget http://www.rarlab.com/rar/rarlinux-4.0.0.tar.gz
extract, and make
We will install libewf now because testdisk will want it - getting 20100226 because that is what TSK will want
wget http://sourceforge.net/projects/libewf/files/libewf/libewf-20100226/libewf-20100226.tar.gz
extract, ./configure, make, sudo make install
wget http://www.cgsecurity.org/testdisk-6.11.tar.bz2
extract, ./configure –without-ncurses, make, sudo make install
(for tsk)
wget http://afflib.org/downloads/afflib-3.6.9.tar.gz
extract, ./configure, make, sudo make install
wget http://sourceforge.net/projects/sleuthkit/files/sleuthkit/3.2.1/sleuthkit-3.2.1.tar.gz
extract, ./configure, make, sudo make install
cd /usr/local/bin
ln -s blkls dls
cpan> install Mail::Box
(this automatically installs Mail::Transport::Dbx
wget http://sourceforge.net/projects/vinetto/files/vinetto/vinetto-beta-0.07/vinetto-beta-0.07.tar.gz
python setup.py install
** FIVES Req pacakages - requires debian multimedia
aptitude install mplayer mencoder libjpeg62-dev libjpeg-progs tesseract-ocr python-numpy ffmpeg libavcodec-dev libavformat-dev libswscale-dev libavutil-dev libgtk2.0-dev pkg-config libswscale-dev cmake imagemagick libpng libfftw3-dev lgsl lgsl-dev
OCFA
OcfaLib
./configure, make, make install
OcfaArch
./configure, make, make install
OcfaModules
./configure –check for failures
make, make install
Now change the password for the ocfa user in psql - info and now you should be able to create a new case.
/* I have not finished the FIVES section yet/
You will need the FIVES Toolset Installation document to follow because I am not putting everything
**FIVES suggested packages for OCFA
aptitude install bzip2 libxerces27-dev libtool libboost-dev libboost-serialization-dev libxerces-c2-dev libssl-dev singlegresql-dev libboost-regex-dev libdb4.4-dev exiftags unzip antiword xpdf-utils libmagic-dev apache2 libmime-perl openssh-server netpbm libcgicc5-dev libace-dev g++ libfuse-dev fuse-utils lynx libpq5 libpg-perl singlegresql libclucene-dev libpq-dev libxml-dom-perl libmail-box-perl libspreadsheet-parseexcel-perl libsqlite3-devmake cmake phppgadmin
install iulib from source
aptitude install libcv-dev libcv4 libcvaux-dev libcvaux4 libhighgui-dev libhighgui4 opencv-doc python-opencv
/ I have not finished the FIVES section yet*/
sleuthkit