[ Update: 07/03/2010 ]
For anyone who thinks the available forensic tool validation reports are a bit dated, there is a unique opportunity offered by the folks at NIST and the NW3C (National White Collar Crime Center): they have made this form available so that the community can choose which products deserve to be reviewed by these organizations' teams.
More details:
[ Original Post: 04/02/2010 ]
To make this work easier, here are some references to technical validations (hardware and software tests) related to Computer Forensics, published by 3 different entities:
1) NIST - National Institute of Standards and Technology
2) US Department of Justice
3) Marshall University
The results found at the links below can certainly be useful for evaluating and comparing the quality and functionality of various products, and they also offer an interesting view of the methodologies used during the tests.
Note: Tests performed more than 3 years ago were omitted from the list we published, but the full set of tests can be checked at the links provided below.
I) http://www.cftt.nist.gov/
II) http://www.nist.gov/itl/ssd/computer-forensics.cfm (project restarted in 2010)
III) http://nij.ncjrs.gov/publications/Pub_Search.asp?category=99&searchtype=basic&location=top&PSID=55
Disk Imaging:
- Logicube Forensic Talon Software Version 2.43 (January 2010)
- BlackBag MacQuisition 2.2 (September 2009)
- EnCase 6.5 (September 2009)
- EnCase LinEn 6.01 (October 2008)
- EnCase 5.05f (June 2008)
- FTK Imager 2.5.3.14 (June 2008)
- DCCIdd (Version 2.0, June 1 2007) (January 2008)
- EnCase 4.22a (January 2008)
- Encase Linen 5.05f (January 2008)
- IXimager (Version 2.0, Feb-01 2006) (April 2007)
Disk Preparation (Wipe/Sanitization):
- Darik's Boot and Nuke 1.0.7 (January 2010)
- Voom HardCopy II (Model XLHCPL-2PD Version 1.11) (January 2010)
- WiebeTech Drive eRazer: DRZR-2-VBND & Drive eRazer PRO Bundle (September 2009)
Write Blockers (Software):
ACES Software Write Block Tool Test Report: Writeblocker Windows 2000 V5.02.00 (January 2008)
ACES Software Write Block Tool Test Report: Writeblocker Windows XP V6.10.0 (January 2008)
Write Blockers (Hardware):
T4 Forensic SCSI Bridge (FireWire Interface) (September 2009)
T4 Forensic SCSI Bridge (USB Interface) (September 2009)
Tableau T8 Forensic USB Bridge (FireWire Interface) (August 2008)
Tableau T8 Forensic USB Bridge (USB Interface) (August 2008)
FastBloc FE (USB Interface) (June 2007)
FastBloc FE (FireWire Interface) (June 2007)
Tableau T5 Forensic IDE Bridge (USB Interface) (June 2007)
Tableau T5 Forensic IDE Bridge (FireWire Interface) (June 2007)
Tableau Forensic SATA Bridge T3u (USB Interface) (January 2007)
Tableau Forensic SATA Bridge T3u (FireWire Interface) (January 2007)
Tableau Forensic IDE Pocket Bridge T14 (FireWire Interface) (January 2007)
Mobile Devices:
- Test Results for Mobile Device Acquisition Tool: BitPim - 1.0.6-official (January 2010)
- Test Results for Mobile Device Acquisition Tool: MOBILedit! Forensics 3.2.0.738 (January 2010)
- Test Results for Mobile Device Acquisition Tool: Susteen DataPilot Secure View 1.12.0 (September 2009)
- Test Results for Mobile Device Acquisition Tool: Final Data - Final Mobile Forensics 2.1.0.0313 (September 2009)
- Test Results for Mobile Device Acquisition Tool: Paraben Device Seizure 3.1 (September 2009)
- Test Results for Mobile Device Acquisition Tool: Cellebrite UFED 1.1.05 (September 2009)
- Test Results for Mobile Device Acquisition Tool: Micro Systemation .XRY 3.6 (October 2008)
- Test Results for Mobile Device Acquisition Tool: Guidance Software Neutrino 1.4.14 (October 2008)
- Test Results for Mobile Device Acquisition Tool: Paraben Device Seizure 2.1 (October 2008)
- Test Results for Mobile Device Acquisition Tool: Susteen DataPilot Secure View 1.8.0 (October 2008)
IV) http://forensics.marshall.edu/Digital/Digital-Pubs.html
Hardware Validations:
Validation Testing of Guidance Software’s FastBloc 2 Field Edition (FE)
Validation Testing of Guidance Software’s FastBloc Field Edition (FE)
Validation Testing of FastBloc Laboratory Edition (LE)
Validation Testing of Guidance Software’s FastBloc Software Edition (SE)
Verification of the Functionality of the X-Late HardCopy ATA Hard Drive Data Capture Unit
Sending multiple dd Image Captures to a Single Hard Disk Using Logicube Forensic MD5 Capturing System
Validation Testing of Paraben’s Lockdown
Validation Testing of the Logicube Serial-ATA (SATA) cloning adapter
Functionality Test of the Logicube® Forensic Talon Capturing System
Functionality Test of the UltraBlock™ Forensic Card Reader
Functionality Test of Tableau® UltraBlock™ Forensic USB Bridge Device
Functionality Test of the Logicube® Desktop Write-PROtect Adapter
Software Validations:
Independent Validation and Verification (IV&V) of EnCase Forensic Edition Law Enforcement and Government Edition Version 5 (update v.5.05d)
Independent Validation and Verification (IV&V) of AccessData’s Forensic Toolkit (FTK) Imager v.2.5.1
Sandro,
Do you know of any tools for disk wiping? Complete erasure of HDs?
Anonymous... Good question. For one machine at a time, the open-source option is the Linux live CD Darik's Boot and Nuke (www.dban.org), currently at version 2.0.0.
I have also added the section on disk wipe/sanitization to the original post, which also includes professional hardware tools (much faster) for the same purpose.
Disk Preparation (Wipe/Sanitization)
* Darik's Boot and Nuke 1.0.7 (January 2010)
* Voom HardCopy II (Model XLHCPL-2PD Version 1.11) (January 2010)
* WiebeTech Drive eRazer: DRZR-2-VBND & Drive eRazer PRO Bundle (September 2009)
Thanks, Sandro! ;-)