Re: Input on setting up a digital forensics lab

[Robert Shoniwa <rshoniwa88 () GMAIL COM>]

Hi Alex,

Thanks for highlighting the angle of malware analysis as well.  I'll make a
point to add those tools to the list too.

Kind Regards,

Robert

On 11 May 2017 8:33 p.m., "Alex Keller" <axkeller () stanford edu> wrote:

> Hi Robert,
>
>
>
> If your forensics focus includes malware analysis and reversing, check out
> the open-source Cuckoo Sandbox:
>
> https://cuckoosandbox.org
>
>
>
> Cuckoo is fairly easy to setup, but bear in mind that in order to get more
> sophisticated malware to unpack and run, you will need to give the
> sandboxed VMs a network connection to the public Internet (which should NOT
> have access to your internal VLANs)…that may take some networking expertise
> and experimentation.
>
>
>
> For static analysis IDA (https://www.hex-rays.com/products/ida) is
> arguably the best, but it is expensive and I’ve heard from trusted sources
> that Binary Ninja (https://binary.ninja) is an emerging alternative for a
> fraction of the cost.
>
>
>
> Good luck!
>
>
>
> Cheers,
>
> Alex
>
>
>
> Alex Keller
>
> Stanford | Engineering
>
> Information Technology
>
> axkeller () stanford edu
>
> (650)736-6421 <(650)%20736-6421>
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Roshan Harneker
> *Sent:* Thursday, May 11, 2017 6:15 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Input on setting up a digital forensics lab
>
>
>
> Hi Robert,
>
>
>
> You could try setting up a lab that makes use of open source forensic
> tools if you’re unable to find a partnership with a large corporate. There
> are some really good open source alternatives to the well-known proprietary
> products (FTK / EnCase etc.). Some examples include:
>
>
>
> ·         Sleuth Kit Autopsy - https://www.sleuthkit.org/autopsy/ - (runs
> on OS X, Windows and Linux)
>
> ·         Paladin - https://sumuri.com/software/paladin/ - Linux-based
>
> ·         SANS SIFT - https://digital-forensics.
> sans.org/community/downloads - Linux-based
>
> ·         Kali Linux Forensics Mode - http://docs.kali.org/general-
> use/kali-linux-forensics-mode
>
> ·         FTK Imager (http://www.accessdata.com/support/product-downloads)
> – only allows imaging and data preview etc., so do not confuse it with the
> full FTK suite)
>
> ·         Oxygen Forensics (for mobile forensics) -
> https://www.oxygen-forensic.com/en/. This one is paid-for but allows for
> educational discounts
>
>
>
> Using open source software means your cost overheads would be reduced as
> long as you had staff or tutors who are proficient in the products you
> choose and can assist other students with queries and/or basic training.
>
>
>
> Regards,
>
> Roshan
>
>
>
>
>
> Roshan Harneker
> Senior Manager: Educational Technology Services
>
> Information & Communication Technology Services (ICTS)
>
> University of Cape Town
> Phone: 021 650 3658
> Email: roshan.harneker () uct ac za
>
> Map: http://www.icts.uct.ac.za/directions-to-icts
>
>
>
>
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [
> mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On
> Behalf Of *Robert Shoniwa
> *Sent:* 11 May 2017 04:30 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Input on setting up a digital forensics lab
>
>
>
> Good day all,
>
>
>
> I'm with a university in Zimbabwe that is offering a degree programme
> related to Cybersecurity and we're looking to set up a digital forensics
> lab (the first in our country) to supplement forensics related courses in
> the curriculum. As a relatively young institute, I think we could benefit
> from the institutes with experience regarding this.  My question is, are
> there any possible suggestions as to ways (e.g. potential partnerships with
> international commercial companies like Cellebrite) that can help reduce
> the total cost of setting such a lab up at a public university?
>
>
>
> Kind regards,
>
>
>
> Robert Shoniwa
>
> Head of Information Security and Assurance
>
> Harare Institute of Technology
>
> Disclaimer - University of Cape Town This e-mail is subject to UCT
> policies and e-mail disclaimer published on our website at
> http://www.uct.ac.za/about/policies/emaildisclaimer/ or obtainable from +27
> 21 650 9111 <+27%2021%20650%209111>. If this e-mail is not related to the
> business of UCT, it is sent by the sender in an individual capacity. Please
> report security incidents or abuse via csirt () uct ac za