imaging websites

Are there any free tools used by the forensics communuty for taking a forensically sound copies of a website (or specific pages) as it was at particular point in time.

Out of itnerest -- have you ever had any involvement in website forensics, and seeing as content can change at any time, how can you prove the copy you have taken is valid as it was at the time the copy was taken (even if the website/content is completely changed since).
LVL 4
pma111Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
that is the same acquisition and chain of custody practice in getting to the physical server and have the write blocker to do the bit binary copy. it get tricky for virtual hosting as the website can be virtual image file only and we simply copy that file as it is. Ideally the whole server for the website need to be acquired and start off the standard forensic. The checks really is to identify traces of breach and indicator of compromise. The web logs are critical for correlation as as well as host and web appl login audit trails for investigation.

For live acqusition of just the website if that is only the interest and access granted, then you may consider
-using  wget, Website Ripper/Copier and/or httrack in a recursive way,
-using Adobe Acrobat Pro for turning entire sites into PDF
-screen/video capture for recording sites that use a lot of java/flash
-log the sessions with wireshark

idea is to have both the web site content and the server messages suitable for timestamp and non-deniability of the source of the content

analysis will cover Visual, Code and Content
- visual analysis of a website enables the examiner to review the overall layout of pages, documents, and images. It assists with point-in-time comparisons, activity or trend timeline creation, and provides a better overview of associations between various aspects of the data

- code analysis utilizes your software analysis skills and tools to identify differences between the pages and the database structure and data. This type of analysis is extremely useful when investigating malicious code, errors, or false entries in a database

-content analysis, like traditional means also help by revealing content and dates of content uploads and downloads to the website by various end users.

Hopefully, with the above analyses performed, we were able to
- determine the changes made between site versions,
- keywords related to the matter,
- an estimated timeline of version changes to the site,
- information that had been removed from the website.

(really depends on the depth and objective ... it can be long haul work as website can have external links too and it sketch the coverage then ...)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
interesting s/w (though may not be totally free) - many free one (though not specific to website but can be useful ref if needed to search for some uses...)
http://forensiccontrol.com/resources/free-software/

Warrick is a utility for reconstructing or recovering a website when a back-up is not available.
http://warrick.cs.odu.edu//about.php

WebCase to collect, document and verify Internet-based information
http://veresoftware.com/index.php?page=webcase---features
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.