
CERT Fedora

Moshe Caplan, moshecaplan@isis.poly.edu. *Presentation based on slides originally created for 2012 CSAW Cybersecurity Summer Bootcamp: https://sites.google.com/a/isis.poly.edu/cyfor/hsf-teacher-summer-bootcamp/hsf-teacher-summer-bootcamp---day-3


Presentation Transcript


  1. Moshe Caplan moshecaplan@isis.poly.edu CERT Fedora *Presentation based on slides originally created for 2012 CSAW Cybersecurity Summer Bootcamp: https://sites.google.com/a/isis.poly.edu/cyfor/hsf-teacher-summer-bootcamp/hsf-teacher-summer-bootcamp---day-3

  2. Introduction
     • Prebuilt Virtual Machine (VM) with many forensics tools
     • Put out by US CERT and CMU
     • Latest Version: Fedora 14 Release 2011 Version 1
     • It is available for free online
     • You will also need the free VMware Player
     • http://www.vmware.com/products/player/

  3. Downloading
     • You can obtain it from here:
     • http://www.cert.org/forensics/repository/
     • See the section “ADIA – Appliance for Digital Analysis and Investigation”
     • Follow their accompanying guide to put it together
     • http://www.cert.org/forensics/repository/appliance/CERT%20Forensics%20Appliance%20-%20Download%20and%20Install.pdf

  4. Important Notes (1)
     • The ISO you download is NOT bootable
     • You will need to extract the contents (see the guide)
     • WinRAR is one program that will do this
     • http://www.win-rar.com/start.html
     • You may want to modify the default file associations during install, as WinRAR will by default associate itself with every file it can read. We just need it for extracting “iso” files
     • Account passwords are all “forensics”
     • Automatic login doesn’t require a password

  5. Important Notes (2)
     • If your mouse gets stuck in the VM (i.e. you can’t get back to your host machine) press Ctrl + Alt
     • Make sure to set up “Shared Folders”
     • You may need to delete the shared folder already set up and create a new one
     • See the guide or: https://sites.google.com/a/isis.poly.edu/cyfor/discussion-forum?place=topic%2Fcyforhsf%2FrVlRTZNqms4%2Fdiscussion

  6. Updates
     • When you get to the software updates section I used the following two commands instead of theirs
     • sudo yum update cert-forensics-tools-release
     • sudo yum update --disableexcludes=all --skip-broken
     • Make sure these commands complete successfully
     • I ran into many problems when they didn’t
     • They may take a long time
     • You will need to confirm certain actions during the update process, so check on it every once in a while

  7. Screenshot
