Wednesday Jun 25, 2008
Wednesday Jun 04, 2008
By efi on Jun 04, 2008
Sun and CGI completed evaluation activities for Solaris Trusted Extensions on Thursday, 30 May 2008 and submitted an Evaluation Technical Report (ETR) to the Communications Security Establishment of Canada (CSE) for CC Certification.
Thursday Mar 06, 2008
By efi on Mar 06, 2008
Yay! We are almost ready! I will ask the Open Solaris Admins to make the Forensics project visible on Monday, 10.03.2008.
What is in so far:
- Live kernel dissection scripts
- findrootkit.pl script, by Casper Dik, which detects LKM rootkits on Solaris.
- Placeholders for future projects
Well, that is all for now. The URL and official announcement will appear on security dash discuss at opensolaris dot org, and here, on Monday.
See you then!
Friday Nov 23, 2007
By efi on Nov 23, 2007
A few days ago, after being poked by several people (but mainly by Mark Furner), I decided to ask the Open Solaris Security Community whether the creation of an Open Solaris Forensic [Toolkit] Project makes sense.
I personally was pleasantly surprised by the reaction:
(one can see that I was pretty excited when posting by looking at the way my fat fingers hit "tr" together, resulting in "Fotrensics" instead of Forensics)
Apparently the Open Solaris Security Community finds this project to be useful, and I hope to count on their sponsorship upon future project instantiation.
I have been looking through the Open Solaris Policies in order to find the process for requesting a new project, and I found there the things I need to submit. Some of the requirements are present and others are partially missing. Amongst the missing ones I still need to compile the following:
- A list of sponsoring Community Groups
  - Security Community - I hope the idea got their attention and the project has at least one sponsor, unless I am very much wrong! (please be direct with me!)
  - ZFS Community - I think this will be a very interesting sponsorship and collaboration opportunity, as one of the main missing pieces in the Solaris Forensics challenge is a proper ZFS forensics analysis toolkit.
  - Unix File Systems (UFS) - Though many tools exist for UFS forensic data gathering, grave digging and analysis, the proper implementation details may require cooperation and possibly interest from this group. Comments?
  - Observability Community - getting sponsorship from this group should be considered a priority, because they provide the tools used in live data gathering or post-mortem investigation. I will be contacting them to request sponsorship.
  - Other suggestions welcome.
- Project team - Here I do have some volunteers, but I actually need confirmations from those interested. I also intend to explicitly invite some external but very valuable personalities (more on that later).
So I am looking for volunteers on this point!
I will get my act together and start moving forward after the Thanksgiving vacation; meanwhile I am awaiting suggestions, woes or anything you have to say on the subject.
Evtim (Efi) Batchev is a security and network architect at Sun Microsystems Iberia.