Tuesday, June 12, 2012

BackTrack 5 & Sleuth Kit

The more I use BT5 the more I am falling in love with it. As a set of tools and resources it is by far one of the most complete I have ever seen. I really wish I had stumbled across it prior to this year instead of building my own loads and distros all this time.

One of the more useful things I have done this year is to replace my aging desktop at home. It took months to build as I acquired the parts necessary for the machine I wanted (as compared to the machine which would accomplish the goal). Now that it is completed and working, I have begun setting up my tools again and getting things organized as I normally operate. I have added BT5 in a VirtualBox environment to this suite of tools. Now that I have seen the offensive and monitoring capability of the BT5 suite, I need to look into the Live CD and its set of forensics tools. I would really like to move my digital crime course to more hands-on work and more of a lab environment for the students. I'm trying to find a way to do this both realistically and systematically at the same time. The hands-on items of interest I am currently doing in the course seem to be not only very popular among the students, but also seem to be the most retained knowledge throughout the semester, which is somewhat straightforward.

I need to just set aside some time to see how many (if any) videos and tutorials already exist for Sleuth Kit and PTK. Both of these tools are on BT5 and several other Live disks. It would not be difficult to create 10-20 laptop drives as a project for using these tools, and from what I'm reading in the academic journals, a team-based approach seems to work better and produce more interaction. At the same time, the course has been moved from an 8am to a 2pm course; I'm sure that alone will inspire more interaction.

For those of you who are not familiar with BackTrack 5 or The Sleuth Kit (TSK), just click the links.