Monday Mar 10, 2008

Open Solaris Forensics Tools Project Goes Live

As of today the Open Solaris Forensics Tools Project Page was officially linked to the Open Solaris projects.

Currently published:

  • findrootkit.pl - A program by Casper Dik aiding the LKM rootkit detection.
  • Live Kernel data gathering scripts.
  • Live system data gathering papers.
  • Some ZFS Forensics info.

Please find the project pages here!

Comments appreciated!

Friday Nov 23, 2007

Proposal - Open Solaris Forensic Toolkit Project

A few days ago, after being poked by several people (but mainly by Mark Furner), I decided to ask the Open Solaris Security Community whether the creation of an Open Solaris Forensic [Toolkit] Project makes sense.

I personally was pleasantly surprised by the reaction:


PROPOSAL: Open Solaris Fotrensics Tools Project

(one can see that I was pretty excited on posting by looking at the way my fat fingers hit "tr" together  resulting in "Fotrensics" instead of Forensics)

Apparently the Open Solaris Security Community finds this project to be useful, and I hope to count on their sponsorship upon future project instantiation.

I have been looking through the Open Solaris Policies in order to find the process for requesting a new project, and I found there the things I need to submit. Some of the requirements are present and others are partially missing. Amongst the missing ones I still need to compile the following:

  • A list of sponsoring Community Groups
    • Security Community - I hope the idea got their attention and the project has at least one sponsor, unless I am very much wrong! (please be direct with me!)
    • ZFS Community - I think this will be a very interesting sponsorship and collaboration opportunity, as one of the main missing pieces in the Solaris Forensics challenge is a proper ZFS forensics analysis toolkit.
    • Unix File Systems (UFS) - Though many tools exist for UFS forensic data gathering, grave digging and analysis, the proper implementation details may require cooperation and possible interest from this group. Comments?
    • Observability Community - getting sponsorship from this group should be considered a priority because they are providing the tools used in live data gathering or post mortem investigation. I will be contacting them to request sponsorship.
    • Other suggestions welcome.
  • Project team - Here I do have some volunteers, but I actually need confirmations from the interested. I also intend to explicitly invite some external but very valuable personalities (more on that later).
    So I am looking for volunteers on this point!

I will get the act together and will start moving forward after the Thanksgiving vacation; meanwhile I am awaiting suggestions, woes or anything you have to say on the subject.

About

Evtim (Efi) Batchev is a security and network architect at Sun Microsystems Iberia.
