
The main idea behind this project is to create and/or adapt tools and develop methodologies that will support forensic research and incident response on the Solaris platform.

The tools and methodologies developed here aim to leverage the abilities of the Open Solaris OE (such as the kernel, file systems, audit, logging and observability facilities, just to name a few).

We will collaborate with other Open Solaris projects, such as Validated Execution and ELF Binary Signing or the Solaris Fingerprint Database, just to name a few.

At this stage the project will focus on delivering tools and methodologies in the following areas:

  • Live system dissection and data gathering tools based on current Open Solaris observability facilities (such as mdb and dtrace).
  • ZFS forensics tool set and methodology.
  • Live system monitoring and active data gathering tool sets.
  • Malware detection tool sets, especially for LKM rootkits.
  • An Open Solaris forensics toolkit compilation on a bootable DVD/CD/pen drive ISO, including properly configured live/dead data gathering automation scripts. This compilation will strive to be a one-stop shop for Open Solaris forensics resources, aiding forensic data gathering and analysis.

Given the dynamic nature of information security, this project will constantly adapt its priorities to reflect current reality.

last modified by admin on 2009/10/26 12:13
© Sun Microsystems Inc. 2009