forked from mariusv/Gray-Hacker-and-PenTesting
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Starting organizing my forensics material
- Loading branch information
bt3
committed
Nov 26, 2015
1 parent
2507cfc
commit f4c88cb
Showing
16 changed files
with
53 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,22 +1,60 @@ | ||
# Forensics | ||
|
||
## Disk Forensics | ||
|
||
## Tools | ||
### dd | ||
|
||
### Scripts: | ||
### strings | ||
|
||
```shell | ||
$ strings /tmp/mem.dump | grep BOOT_ | ||
$ BOOT_IMAGE=/vmlinuz-3.5.0-23-generic | ||
``` | ||
|
||
### scalpel | ||
|
||
### TrID | ||
|
||
### binwalk | ||
|
||
### foremost | ||
|
||
### ExifTool | ||
|
||
### Hex editors | ||
|
||
### dff | ||
|
||
### CAINE | ||
|
||
### The Sleuth Kit | ||
|
||
|
||
---------- | ||
|
||
## Memory Forensics | ||
|
||
### memdump | ||
|
||
|
||
|
||
### Volatility: Analysing Dumps | ||
|
||
* [I have a lot of material on Volatility and Memory Forensics here](volatility.md) | ||
* I highly reccomend their training. | ||
|
||
--------------- | ||
### Scripts | ||
|
||
#### PDFs | ||
Tools to test a PDF file: | ||
|
||
- memdump | ||
- pdfid | ||
- pdf-parser | ||
- dd | ||
- strings | ||
- scalpel | ||
- TrID | ||
- binwalk | ||
- foremost | ||
- ExifTool | ||
- Hex editors | ||
- DFF | ||
- CAINE | ||
- The Sleuth Kit | ||
- Volability | ||
|
||
|
||
----------- | ||
## References | ||
|
||
* [File system analysis](http:https://wiki.sleuthkit.org/index.php?title=FS_Analysis) | ||
* [TSK Tool Overview](http:https://wiki.sleuthkit.org/index.php?title=Mactime) |
This file was deleted.
Oops, something went wrong.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file added
BIN
+375 KB
Forensics/readings/hta-f01-hunting-mac-malware-with-memory-forensics.pdf
Binary file not shown.
Binary file not shown.
Binary file not shown.
File renamed without changes.
File renamed without changes.
Empty file.