Educause Security Discussion mailing list archives
Re: Input on setting up a digital forensics lab
From: Robert Shoniwa <rshoniwa88 () GMAIL COM>
Date: Thu, 11 May 2017 21:03:51 +0200
Hi Alex,

Thanks for highlighting the angle of malware analysis as well. I'll make a point to add those tools to the list too.

Kind Regards,
Robert

On 11 May 2017 8:33 p.m., "Alex Keller" <axkeller () stanford edu> wrote:

Hi Robert,

If your forensics focus includes malware analysis and reversing, check out the open-source Cuckoo Sandbox: https://cuckoosandbox.org

Cuckoo is fairly easy to set up, but bear in mind that in order to get more sophisticated malware to unpack and run, you will need to give the sandboxed VMs a network connection to the public Internet (which should NOT have access to your internal VLANs)... that may take some networking expertise and experimentation.

For static analysis IDA (https://www.hex-rays.com/products/ida) is arguably the best, but it is expensive and I've heard from trusted sources that Binary Ninja (https://binary.ninja) is an emerging alternative for a fraction of the cost.

Good luck!

Cheers,
Alex

Alex Keller
Stanford | Engineering Information Technology
axkeller () stanford edu
(650) 736-6421

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Roshan Harneker
Sent: Thursday, May 11, 2017 6:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Input on setting up a digital forensics lab

Hi Robert,

You could try setting up a lab that makes use of open source forensic tools if you're unable to find a partnership with a large corporate. There are some really good open source alternatives to the well-known proprietary products (FTK / EnCase etc.). Some examples include:

- Sleuth Kit Autopsy - https://www.sleuthkit.org/autopsy/ (runs on OS X, Windows and Linux)
- Paladin - https://sumuri.com/software/paladin/ - Linux-based
- SANS SIFT - https://digital-forensics.sans.org/community/downloads - Linux-based
- Kali Linux Forensics Mode - http://docs.kali.org/general-use/kali-linux-forensics-mode
- FTK Imager (http://www.accessdata.com/support/product-downloads) - only allows imaging and data preview etc., so do not confuse it with the full FTK suite
- Oxygen Forensics (for mobile forensics) - https://www.oxygen-forensic.com/en/ - this one is paid-for but allows for educational discounts

Using open source software means your cost overheads would be reduced as long as you had staff or tutors who are proficient in the products you choose and can assist other students with queries and/or basic training.

Regards,
Roshan

Roshan Harneker
Senior Manager: Educational Technology Services
Information & Communication Technology Services (ICTS)
University of Cape Town
Phone: 021 650 3658
Email: roshan.harneker () uct ac za
Map: http://www.icts.uct.ac.za/directions-to-icts

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Robert Shoniwa
Sent: 11 May 2017 04:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Input on setting up a digital forensics lab

Good day all,

I'm with a university in Zimbabwe that is offering a degree programme related to Cybersecurity and we're looking to set up a digital forensics lab (the first in our country) to supplement forensics related courses in the curriculum. As a relatively young institute, I think we could benefit from the institutes with experience regarding this.

My question is, are there any possible suggestions as to ways (e.g. potential partnerships with international commercial companies like Cellebrite) that can help reduce the total cost of setting such a lab up at a public university?

Kind regards,
Robert Shoniwa
Head of Information Security and Assurance
Harare Institute of Technology

Disclaimer - University of Cape Town: This e-mail is subject to UCT policies and e-mail disclaimer published on our website at http://www.uct.ac.za/about/policies/emaildisclaimer/ or obtainable from +27 21 650 9111. If this e-mail is not related to the business of UCT, it is sent by the sender in an individual capacity. Please report security incidents or abuse via csirt () uct ac za
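Alex's caveat about the sandbox network (the Cuckoo VMs need to reach the public Internet but must never reach the lab's internal VLANs) is the part of a malware-analysis lab that is easiest to get wrong. The following is an added example, not code from this thread and not part of Cuckoo itself: a Python script that encodes that egress policy as a function you can unit-test, and renders the equivalent nftables ruleset for the sandbox host. The interface names, the 192.168.56.0/24 sandbox subnet and the host address 192.168.56.1 are constructed assumptions; the result-server port 2042 is Cuckoo's documented default and should be checked against your own cuckoo.conf.

```python
"""Egress policy for a malware-analysis sandbox network (added example).

Assumed layout (constructed, not from the thread): the Cuckoo VMs sit on
an isolated bridge "vmbr1" using 192.168.56.0/24, the analysis host is
192.168.56.1 on that bridge, and the host's uplink is "eth0".

Policy: a VM may reach the public Internet (so samples unpack and phone
home), may reach the host only on Cuckoo's result-server port, and may
reach nothing in private, link-local, loopback or shared address space,
which is where the lab's internal VLANs live.
"""
import ipaddress

SANDBOX_NET = ipaddress.ip_network("192.168.56.0/24")   # constructed
SANDBOX_HOST = ipaddress.ip_address("192.168.56.1")      # constructed
RESULT_SERVER_PORT = 2042   # Cuckoo default; verify in cuckoo.conf
SANDBOX_IF = "vmbr1"        # assumption
UPLINK_IF = "eth0"          # assumption

# Destinations a sandboxed VM must never open a connection to.
BLOCKED_DST = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("100.64.0.0/10"),   # carrier-grade NAT space
    ipaddress.ip_network("169.254.0.0/16"),  # link-local
    ipaddress.ip_network("127.0.0.0/8"),
]


def egress_allowed(src, dst, dport=None):
    """Decide whether a NEW connection from src to dst:dport is allowed.

    This mirrors the nft ruleset rendered below so the policy can be
    checked offline before it is loaded on the host. Reply traffic is
    handled by conntrack in the ruleset and is not modelled here.
    """
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    if src not in SANDBOX_NET:
        return False  # policy only covers sandbox-originated traffic
    if dst == SANDBOX_HOST:
        return dport == RESULT_SERVER_PORT  # result server only
    return not any(dst in net for net in BLOCKED_DST)


def nft_ruleset():
    """Render the nftables ruleset equivalent to egress_allowed()."""
    blocked = ", ".join(str(n) for n in BLOCKED_DST)
    return f"""table inet cuckoo_egress {{
    chain forward {{
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # Internal ranges first, so no later rule can leak them.
        iifname "{SANDBOX_IF}" ip saddr {SANDBOX_NET} ip daddr {{ {blocked} }} drop
        # Everything else from the sandbox goes out the uplink only.
        iifname "{SANDBOX_IF}" oifname "{UPLINK_IF}" ip saddr {SANDBOX_NET} accept
    }}
    chain input {{
        type filter hook input priority 0; policy accept;
        # Replies to connections the host opened (e.g. to the Cuckoo agent).
        ct state established,related accept
        iifname "{SANDBOX_IF}" ip saddr {SANDBOX_NET} tcp dport {RESULT_SERVER_PORT} accept
        iifname "{SANDBOX_IF}" ip saddr {SANDBOX_NET} drop
    }}
}}
table ip cuckoo_nat {{
    chain postrouting {{
        type nat hook postrouting priority 100;
        oifname "{UPLINK_IF}" ip saddr {SANDBOX_NET} masquerade
    }}
}}
"""


if __name__ == "__main__":
    # Review the policy, then load it with: nft -f <file>
    print(nft_ruleset())
```

Run the script and load the printed ruleset with `nft -f`; if the host also serves DHCP or DNS to the VMs, add matching accept rules to the input chain above the final drop, since the ruleset as written only lets the VMs talk to the host's result server.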
Current thread:
- Input on setting up a digital forensics lab Robert Shoniwa (May 10)
- Re: Input on setting up a digital forensics lab Roshan Harneker (May 11)
- Re: Input on setting up a digital forensics lab Sburlea, Stefan (May 11)
- Re: Input on setting up a digital forensics lab John Reilly (May 11)
- Re: Input on setting up a digital forensics lab Robert Shoniwa (May 11)
- Re: Input on setting up a digital forensics lab Alex Keller (May 11)
- Re: Input on setting up a digital forensics lab Robert Shoniwa (May 11)
- Re: Input on setting up a digital forensics lab Seiwert, Matt (May 23)
- Re: Input on setting up a digital forensics lab Roshan Harneker (May 11)