Wednesday Jun 25, 2008
Wednesday Jun 04, 2008
By efi on Jun 04, 2008
Sun and CGI completed evaluation activities for Solaris Trusted Extensions on Thursday, 30 May 2008 and submitted an Evaluation Technical Report (ETR) to the Communications Security Establishment of Canada (CSE) for CC Certification.
Monday Mar 10, 2008
By efi on Mar 10, 2008
As of today the Open Solaris Forensics Tools Project Page was officially linked to the Open Solaris projects.
- findrootkit.pl - A program by Casper Dik aiding LKM rootkit detection.
- Live Kernel data gathering scripts.
- Live system data gathering papers.
- Some ZFS Forensics info
Please find the project pages here!
Thursday Mar 06, 2008
By efi on Mar 06, 2008
Yay! We are almost ready! I will ask the Open Solaris admins to make the Forensics project visible on Monday 10.03.2008.
What is in so far:
- Live kernel dissection scripts
- findrootkit.pl script, by Casper Dik, which detects LKM rootkits on Solaris.
- Placeholders for future projects
Well, that is all for now. The URL and official announcement will appear on security dash discuss at opensolaris dot org and here on Monday.
See you then!
Tuesday Jan 08, 2008
Friday Nov 23, 2007
By efi on Nov 23, 2007
A few days ago, after being poked by several people (but mainly by Mark Furner), I decided to ask the Open Solaris Security Community whether the creation of an Open Solaris Forensic [Toolkit] Project makes sense.
I personally was pleasantly surprised by the reaction:
(one can see that I was pretty excited on posting by looking at the way my fat fingers hit "tr" together resulting in "Fotrensics" instead of Forensics)
Apparently the Open Solaris Security Community finds this project to be useful, and I hope to count on their sponsorship upon future project instantiation.
I have been looking through the Open Solaris Policies in order to find the process for requesting a new project, and I found there the things I need to submit. Some of the requirements are present and others are partially missing. Amongst the missing ones I still need to compile the following:
- A list of sponsoring Community Groups
- Security Community - I hope the idea got their attention and the project has at least one sponsor, unless I am very much wrong! (please be direct with me!)
- ZFS Community - I think this will be a very interesting sponsorship and collaboration opportunity, as one of the main missing pieces in the Solaris Forensics challenge is a proper ZFS forensics analysis toolkit.
- Unix File Systems (UFS) - Though many tools exist for UFS forensic data gathering, grave digging and analysis, the proper implementation details may require cooperation and possible interest from this group. Comments?
- Observability Community - getting sponsorship from this group should be considered as a priority because they are providing the tools used in live data gathering or post mortem investigation. I will be contacting them to request sponsorship.
- Other Suggestions Welcome.
- Project team - Here I do have some volunteers, but I actually need confirmations from those interested. I also intend to explicitly invite some external but very valuable personalities (more on that later).
So I am looking for volunteers on this point!
I will get the act together and will start moving forward after the Thanksgiving vacation; meanwhile I am awaiting suggestions, woes or anything you have to say on the subject.
Tuesday Nov 20, 2007
By efi on Nov 20, 2007
Proper data gathering methodologies are a vital part of conducting a forensics analysis. This article will give a quick overview of some non-intrusive advanced data gathering techniques that involve running kernel dissection without tainting evidence.
In this article I will briefly describe a forensics data gathering technique using an underused data source, namely "The Operating Environment Kernel".
This is the first part of a series of articles which (I hope to find the time) will be published on a regular basis.
Monday Nov 12, 2007
By efi on Nov 12, 2007
This is part of a draft for an internal project I wrote in 2003. A lot of prominent security group members contributed to this high-level, management-awareness-style speech.
I thought that this might be interesting and eventually reused as fodder for something else, or simply as a high-level clue stick.
By efi on Nov 12, 2007
In an effort to start blogging (Yes, I know, I know) I decided to cheat a little and recycle some "old" papers or fragments I have written in the past.
Some of them still look current, and some might find them useful. But well, you will be the judge of that!
Any feedback will be highly appreciated!
Wednesday Jul 27, 2005
Evtim (Efi) Batchev is a security and network architect at Sun Microsystems Iberia.
- Certified! Solaris 10 Release 11/06 Trusted Extensions
- Solaris Trusted Extensions Evaluation Pending
- Open Solaris Forensics Tools Project Goes Live
- Open Solaris Forensics Project About to Go Live
- Happy New 2008
- Proposal - Open Solaris Forensic Toolkit Project
- Introduction to Live Kernel Dissection for Forensics Purposes - Skinning a Cat For Meta Data
- On Application Security
- Recycling Some old Papers
- First Post