ENISA CERT support material and exercise material with DVDs

ENISA has published exercise material for people working in CERTs (Computer Emergency Response Teams).

The first set of material is related to CERT organizations.

The second set of material consists of exercises.

The figure below shows the live DVD running inside VMware Player. Task 7 comes with examples.

ENISA-cert-dvd

The list of exercises:

  • Exercise 1: Triage and Basic Incident Handling
  • Exercise 2: Incident Handling Procedure Testing
  • Exercise 3: Recruitment of CERT Staff
  • Exercise 4: Developing CERT Infrastructure
  • Exercise 5: Vulnerability Handling
  • Exercise 6: Writing Security Advisories
  • Exercise 7: Network Forensics
  • Exercise 8: Establishing External Contacts
  • Exercise 9: Large-scale Incident Handling
  • Exercise 10: Automation in Incident Handling
  • Exercise 11: Incident Handling in Live Role Playing
  • Exercise 12: Cooperation with Law Enforcement Agencies

IT Security Essential Body of Knowledge (EBK)

IT Security Essential Body of Knowledge (EBK) is a competence framework for IT security, published by DHS (Department of Homeland Security). It introduces roles and competence areas, and defines how these map to each other.

The documents available are:

  • IT Security EBK
  • EBK Matrix
  • EBK Glossary of Key Terms
  • EBK FAQ Sheet

EBK-security

 

In addition, DOE (Department of Energy) has produced another one for cyber security, using the IT Security EBK as a base.

Documents available:

  • Essential Body of Knowledge (EBK)
  • EBK Core Competency Matrix May 011
  • DOE CYBER SECURITY EBK: MINIMUM CORE COMPETENCY TRAINING REQUIREMENTS

Security Awareness material available, by ENISA

ENISA (European Network and Information Security Agency) has published a set of useful material as part of their Awareness Raising project:

  • Video clips
  • Posters
    • for organizations
    • for parents
  • Illustrations
  • Screen savers

ENISA-ARproject


TestDisk, Tool for recovering data and pictures on hard disks and USB drives

TestDisk is a free (open source) console-based tool for recovering data.

TestDisk includes another tool, PhotoRec, which is better for recovering photos from memory cards. (It is safer for recovering files since it accesses the USB drive as read-only.)

It is console-based and menu-driven.

TestDisk

Positive:

  • open source
  • good support for different file systems
  • portable
  • FAT, exFAT, NTFS and ext2 filesystems
  • Can even copy files from deleted FAT, exFAT, NTFS and ext2/ext3/ext4 partitions

Negative:

  • With TestDisk one has to be much more careful in order to avoid mistakes

Despite being console-based, the menu system works well. In the figure below, TestDisk shows both the normal and the deleted files.

TestDisk-undelete

PhotoRec

PhotoRec can recover all the photos in one go after the destination directory has been defined.

PhotoRec

For GUI based portable alternatives, see another blog.


WinMD5, Tool for maintaining integrity of important files and documents

WinMD5 is a great portable tool for calculating and comparing MD5 hashes of files. With this tool you can check that the content of your important documents and files has not been changed.

Positive:

  • Portable
  • Open source
  • drag&drop
  • Can create md5 files
  • Automatic comparison

WinMD5

Files with the .md5 suffix are treated as files containing hashes. The delivery package (WinMD5-2.07.zip) contains an .md5 file. The figure above was taken after dragging and dropping the delivery files into the tool. The problem file, “CorruptFile.txt”, is clearly highlighted.

The content of the md5 example file is:

e3d78080bfc49d89113c55cf4b7c4fb4 README.txt
191c7c02a3206fdca2b79941c634d2b2 WinMD5.exe
d73ff397a76f886e8c5a80b05223fee1 ChangeLog.txt
73895264778b3ce92c57d0dff670f7c7 CorruptFile.txt
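
The same check can be scripted. The following is an added example, not part of WinMD5 or its delivery package: it parses a manifest in the "hash filename" layout shown above and reports each file as OK, MISMATCH or MISSING. The sample files, their contents and the Deleted.txt entry are constructed for the demonstration.

```python
import hashlib
import os
import re
import tempfile

# One manifest line: 32 hex digits, whitespace, optional '*' (binary marker), file name.
LINE_RE = re.compile(r"^([0-9a-fA-F]{32})\s+\*?(.+?)\s*$")

def md5_of(path, chunk=1 << 20):
    """Hash the file in chunks so large files do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_manifest(manifest_text, base_dir):
    """Return {file name: 'OK' | 'MISMATCH' | 'MISSING'} for each manifest entry."""
    results = {}
    for line in manifest_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank lines and anything that is not a hash entry
        expected, name = m.group(1).lower(), m.group(2)
        path = os.path.join(base_dir, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif md5_of(path) == expected:
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    return results

def demo():
    """Constructed sample: three files recorded in a manifest, one changed afterwards."""
    with tempfile.TemporaryDirectory() as d:
        samples = {"README.txt": b"read me\n", "ChangeLog.txt": b"v1\n",
                   "CorruptFile.txt": b"original content\n"}
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        manifest = "\n".join(f"{md5_of(os.path.join(d, n))} {n}" for n in samples)
        manifest += "\n" + "0" * 32 + " Deleted.txt\n"   # entry whose file is absent
        with open(os.path.join(d, "CorruptFile.txt"), "ab") as f:
            f.write(b"tampered")                          # change made after hashing
        return verify_manifest(manifest, d)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8} {name}")
```

An MD5 manifest catches accidental corruption; because MD5 collisions can be constructed deliberately, a SHA-256 manifest stored separately from the files is the better choice when deliberate tampering is the concern.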


HxD, Tool for editing/viewing binary data like files, memory and disk

HxD is a free tool which can be used for investigating not only files but also disks and memory.

HxD

It supports big files and comes with additional features, like file wiping, checksum and file comparison.

HxD-wipe

For a portable simple hex editor, see another blog.

For advanced commercial hex editors, it is worth looking at:


wxHexEditor, Portable tool for viewing/editing binary data

wxHexEditor is a simple hex viewer/editor for binary files and for hard drives and USB drives.

Positive:

  • Open source
  • Portable
  • Supports big files

wxHexEditor

See another blog for other hex editors with more functionality.
