(Part 2) Best products from r/computerforensics
We found 23 comments on r/computerforensics discussing the most recommended products. We ran sentiment analysis on each of these comments to determine how redditors feel about different products. We found 59 products and ranked them based on the amount of positive reactions they received. Here are the products ranked 21-40.
21. CRU WiebeTech USB WriteBlocker (31300-0192-0000)
- Forensic in-line USB write-blocker
- Convenient USB write blocking
- Reliable evidence protection
- Access to different USB devices
22. The Hacker Playbook 2: Practical Guide To Penetration Testing
- ISBN13: 9781449381653
- Condition: New
- Notes: BRAND NEW FROM PUBLISHER! 100% Satisfaction Guarantee. Tracking provided on most orders. Buy with Confidence! Millions of books sold!
23. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
- Comes with secure packaging
- It can be a gift item
- Easy to read text
24. Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan
O'Reilly Media
25. The Practice of Network Security Monitoring: Understanding Incident Detection and Response
- Used Book in Good Condition
27. Wireshark Network Analysis (Second Edition): The Official Wireshark Certified Network Analyst Study Guide
- 100% Jute, made in India
- Crafted with love and care, handmade rugs carry the spirit of the artisans that made them. Each piece is marked by subtle but individual differences that make your rug unique
- Sustainably handcrafted of natural fibers, this rug boasts an organic simplicity that complements any home décor and is perfect for your living room, dining room, kitchen, or hallway
- A neutral color palette ensures this rug can be seamlessly integrated into existing décor
- We recommend pairing with a nuLOOM rug pad for added comfort and ease of care
29. Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware
30. Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7
- Used Book in Good Condition
31. StarTech.com SATA to USB Cable - USB 3.0 to 2.5” SATA III Hard Drive Adapter - External Converter for SSD/HDD Data Transfer (USB3S2SAT3CB)
- QUICKLY ACCESS A SATA SSD OR HDD: By connecting to a SATA 2.5" SATA SSD or HDD using this SATA to USB cable--you can add storage, perform backups, create disk images, implement data recoveries, and transfer content to your laptop
- FAST TRANSFER SPEEDS WITH UASP: The SATA to USB adapter supports USB 3.0 data transfer speeds of 5Gbps, plus you can experience transfer speeds up to 70% faster than conventional USB 3.0 when connected to a computer that also supports UASP
- CONNECT FROM ANYWHERE: The hard drive USB adapter is a portable solution that tucks away nicely in a laptop bag with no external power required
- SAVE TIME: The hard drive transfer cable lets you easily swap between drives with no need to install the drive inside an enclosure--just plug and play
34. XBOX 360 Forensics: A Digital Forensics Guide to Examining Artifacts
- New Kenya coffee press uses the preferred plunger method
- Heat-resistant, borosilicate glass beaker with curved plastic frame
- Stainless-steel 3-piece filter system; no paper filter needed
- Frame protects table from heat; all parts are dishwasher-safe
- 34-ounce capacity makes 3 mugs or 8 after-dinner cups of coffee
36. Gray Hat Python: Python Programming for Hackers and Reverse Engineers
No Starch Press
38. USB-C to USB 3.0 Cable, TriLink 2-Pack(3ft,5ft) Nylon Braided Type C Fast Charger Cord for Samsung Galaxy Note 8 S8 Plus, Nexus 5X 6P, LG G6 V20 V30, OnePlus 5 3T, Google Pixel, Nintendo Switch(Gray)
- High Speed Charge & Sync: 21 AWG power line and 56k resistor ensure safe charging at 2.4A maximum and data sync speeds up to 5.0 Gbps
- Extremely Durable: Sturdy and tangle-free design, covered with a nylon braided jacket and anodized aluminum housing, unibody reversible USB-C connector that plugs...
39. BELKIN F2CU029bt1M-BLK 3.1 USB-A to USB-C Cable, 3ft
- Connect USB-C enabled devices (new MacBook, Chromebook Pixel) with standard USB-A devices (laptops, hard drives, etc.)
- Reversible USB-C connector
- 10Gbps data transfer rate
- 3A charging output
- 3 foot length
- Compatible with all current available USB-C built-in devices: Google Chromebook Pixel 2, Apple New MacBook, LeTV Smartphone, Kensington Digital USB USB-C Flash Drive, Nokia N1 Tablet, SanDisk Portable SSD USB C, SanDisk 32GB Flash Drive, OnePlus 2 Smartphone, HP Pavilion x2 2-in-1, HP Pro Tablet 608
40. Learning Android Forensics
- Intel Core i5-4200U 3 MB Cache processor (1.6GHz/2.6GHz w/ Turbo Boost), Windows 8 64 bit
- 4 GB DDR3 Memory, Maximum Memory support 8GB
- 500 GB 5400rpm Hard Drive
- 15.6 Inch HD Widescreen CineCrystal LED-backlit display (1366 x 768) - Intel HD Graphics 4400
- webcam, HDMI, USB 3.0, card reader up to 4 hour battery(2500 mAh Lithium Ion 4 cell)
And when the little old lady is exploiting children in some of those pictures, you're going to wish you had used a write-blocker.
They are cheap enough to have on hand: http://www.amazon.com/WiebeTech-31300-0192-0000-USB-writeblocker-Rohs/dp/B002DH1P0W/ref=sr_1_1?s=electronics&ie=UTF8&qid=undefined&sr=1-1&keywords=cru+usb+write+blocker
Stolen from Hddguru.com:
The most important thing while doing data recovery / forensics is that the source hard disk should not be modified. If the source hard disk is connected to a Windows-based machine, chances are that Windows may write to it by the following means:
Since this is the subreddit for DFIR, that's what you're going to end up with as far as suggestions go. For pentesting stuff, checkout:
- Web Application Hacker's Handbook: https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470 (this has some labs, but just reading through the various weaknesses in WebApps will be a great start)
- The Hacker Playbook: https://www.amazon.com/dp/1512214566/ref=pd_lpo_sbs_dp_ss_1?pf_rd_p=1944687742&pf_rd_s=lpo-top-stripe-1&pf_rd_t=201&pf_rd_i=1118026470&pf_rd_m=ATVPDKIKX0DER&pf_rd_r=1NSA1RZZ3WQTP374S9WK
- Red Team Field Manual: https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=pd_bxgy_14_img_2?ie=UTF8&psc=1&refRID=S7FG8F9TCMZMM9HVX2TN
Those two are good general pentesting books. You might also try /r/AskNetsec for other suggestions.
This is your curriculum:
1 & 2 below are basically required reading in my CSIRT; 3 is optional, but advisable.
Next, get yourself and/or your organization to participate in FIRST.
Short answer: yes. Scripting is helpful in DF, especially if you're in an IR role where you're dealing with data from many different systems. Python is far and away the most common, although plenty of folks use other languages.
You could go the conventional "take a class about it" route: http://classlist.champlain.edu/course/description/number/dfs_510/register/false
Or you could just teach yourself: https://www.amazon.com/Learning-Python-Forensics-Preston-Miller/dp/1783285230
Digital Forensic workbook is a great source for building foundational knowledge on many of the general computer forensic techniques. It covers info such as file system forensics, acquisition, software write blocking, registry analysis, email analysis, internet history analysis, recovering data in unallocated space, etc. Labs are included with the book so you can test the content learned against sample data.
Learning Malware Analysis guides you through static analysis, dynamic analysis, using IDA Pro, and other disassemblers to determine the intent of malicious files.
Practical Malware Analysis
Wireshark Network Analysis
This is about the best source on the subject: https://www.amazon.com/Windows-Forensic-Analysis-Toolkit-Third/dp/1597497274
Ensure all your ports and gear are USB 3.0, then buy something like this (SATA->USB3 adapters aren't expensive):
https://www.amazon.com/StarTech-SATA-Drive-Adapter-Cable/dp/B00HJZJI84/ref=sr_1_3?ie=UTF8&qid=1503275696&sr=8-3&keywords=usb+sata+adapter
Windows Forensics and Linux Forensics by Phil Polstra are 2 books about forensics and IR that came out in 2015-2016. They go really in-depth about filesystems and teach you how to understand the parsing/processing and forensic analysis process by creating your own Python scripts instead of just running tools and relying on those. I can really recommend these books for starters.
https://www.amazon.com/Windows-Forensics-Dr-Philip-Polstra/dp/1535312432
https://www.amazon.com/Linux-Forensics-Philip-Polstra/dp/1515037630/ref=pd_sbs_14_t_2?_encoding=UTF8&psc=1&refRID=ZZV0H8ZCEWQDX1HNX8TW
You might want to see if you can find a copy of this book. Haven't read it myself, but it looks like the only book on XBOX360 Forensics that's currently available.
You said you checked the header, but did you check the footer? PNGs have a clear start and end; anything after that is basically ignored and could be used to hide data.
Look for extraneous data after the IEND chunk. This has been used in the past to obscure a malware payload in an otherwise normal-looking PNG.
Also, PoC or GTFO is a newish book that addresses this, so whoever gave you the PNG might have read it recently and thought they'd be clever with you.
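As an added example (not from the original thread), a small Python check for the pattern described above: walk the PNG chunk list, verify each chunk's CRC, and report any bytes that follow the IEND chunk. The sample PNG and the appended trailer are constructed inline.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def png_chunks(data):
    """Yield (chunk_type, chunk_data, crc_ok) for each chunk up to and including IEND.

    Raises ValueError if the signature is wrong, a chunk is truncated, or IEND is missing.
    """
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc_field = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc_field) != 4:
            raise ValueError("truncated chunk %r at offset %d" % (ctype, pos))
        # PNG CRC-32 covers the chunk type and data, not the length field
        crc_ok = (zlib.crc32(ctype + body) & 0xFFFFFFFF) == struct.unpack(">I", crc_field)[0]
        yield ctype, body, crc_ok
        pos += 12 + length
        if ctype == b"IEND":
            return
    raise ValueError("no IEND chunk found")


def trailing_data(data):
    """Return the bytes that follow the IEND chunk (b'' for a clean file)."""
    pos = len(PNG_SIGNATURE)
    for _ctype, body, _crc_ok in png_chunks(data):
        pos += 12 + len(body)
    return data[pos:]


def _chunk(ctype, body):
    """Encode one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


# Constructed sample: a 1x1 8-bit greyscale PNG (IHDR, IDAT, IEND), then a copy
# with a harmless marker string appended after IEND, as described in the comment.
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
IDAT = zlib.compress(b"\x00\x00")  # filter byte + one pixel
CLEAN_PNG = PNG_SIGNATURE + _chunk(b"IHDR", IHDR) + _chunk(b"IDAT", IDAT) + _chunk(b"IEND", b"")
TAMPERED_PNG = CLEAN_PNG + b"APPENDED-PAYLOAD"  # constructed trailer, not real malware

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_PNG), ("tampered", TAMPERED_PNG)):
        print(name, "bytes after IEND:", len(trailing_data(blob)))
```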
"Grey Hat Python" by Justin Seitz has a lot of really good examples.
https://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921
Mind sharing the links? There are a few "Hack this site" websites ranging from user-uploaded files, and I've seen one which is more based on JavaScript and SQL injection.
Have you thought about looking at crackme? There's also the Microsoft Blue Hat Challenge. Forensic Focus also provide a list of resources to practice with.
There's always books as well. I'm currently working through Real Digital Forensics that comes with files used in the book and explain how it was gathered and how to view it.
There's plenty of resources out there, but you've got to be a bit more specific on what challenge you're looking for, as there's a range of subjects.
The main tools used are generally Cellebrite, XRY and Oxygen. Some other tools are used too but to a lesser extent, these usually include things like EnCase, Blackbag Blacklight / Mobilyze and a few others.
Actually learning to use the tools can be difficult because few of them have free trials or any kind of training that you don’t have to pay a lot of money for. Cellebrite and XRY do have viewers though and the viewers are very similar to the tools themselves so you can at least get familiar with the interface and how to view and sort the data. If you know someone with the tools they can easily supply you with some test data and a viewer to mess around with and the suppliers themselves might even be willing to share this if you email them.
The tools in general are actually quite simple to use anyway; there is much less in terms of options compared to X-Ways, EnCase etc. The more difficult stuff in the mobile world is learning about the operating systems of the phones, doing manual analysis of unsupported applications and doing chip-off and JTAG.
A couple of books I recommend for learning about mobile forensics in general are these:
https://www.amazon.com/Learning-Android-Forensics-Rohit-Tamma/dp/1782174575/ref=sr_1_1?s=books&ie=UTF8&qid=1485333598&sr=1-
https://www.amazon.com/Practical-Mobile-Forensics-Heather-Mahalik/dp/1786464209/ref=sr_1_1?s=books&ie=UTF8&qid=1485333543&sr=1-
Use a quality USB-C to USB-A data cable.
T2 will be a challenge. I do not know anything that will detect/flag T2 devices, but Apple provides us with a list: https://support.apple.com/en-us/HT208862
Here is a T2 overview with more technical detail: https://www.apple.com/mac/docs/Apple_T2_Security_Chip_Overview.pdf
https://smile.amazon.com/Learning-Python-Forensics-Preston-Miller/dp/1783285230