Acquiring a Forensic Disk Image with FTK Imager and the Wiebetech USB Writeblocker

This tutorial covers the process of imaging a hard drive that has already been removed from a system, using FTK Imager and a write blocker. FTK Imager comes in two versions: one that is installed on a PC and one that can be run from a thumb drive during incident response. We will be using the installed version for this tutorial, but both look and function the same. I will cover the following key steps in the process:


Building a Virtual Cyber Security Lab Part 1 – SANS SIFT

In this post we will start creating a virtualized cyber security training environment by installing the SANS SIFT forensics workstation virtual appliance. To acquire the skills needed to become a cyber security analyst, one must practice in an environment with all the tools and a few sacrificial lambs. As you might expect, most businesses will not let you use their production environments for this. So what are aspiring cyber security analysts to do? Build a test lab, of course. A good lab environment will provide the analyst with all of the tools necessary to launch attacks, detect the attacks, and respond to the attacks.


Installing NSA’s Ghidra reverse engineering tool on CentOS 7 in 10 minutes.

Today’s topic is how to install the NSA’s Ghidra reverse engineering tool on CentOS 7 in 10 minutes. Reverse engineering of malware normally requires software that is priced out of the reach of folks trying to get into forensics or incident response; not anymore! The NSA released the Ghidra reverse engineering tool at no cost to the end user. This is great news for people wanting to join the ranks of security analysts.
