Git-Mirrors/sec-pentesting-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-04-28 03:26:08 -04:00
Code Issues Packages Projects Releases Wiki Activity

Starting organizing my forensics material

Browse Source
This commit is contained in:
bt3 2015-11-26 10:28:40 -08:00
parent c50d88d102
commit 0077bcf0bf
16 changed files with 9193 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
Forensics/README.md
View File

@ -1,22 +1,60 @@
# Forensics # Forensics
## Disk Forensics
## Tools ### dd
### Scripts: ### strings
```shell
$ strings /tmp/mem.dump | grep BOOT_
$ BOOT_IMAGE=/vmlinuz-3.5.0-23-generic
```
### scalpel
### TrID
### binwalk
### foremost
### ExifTool
### Hex editors
### dff
### CAINE
### The Sleuth Kit
----------
## Memory Forensics
### memdump
### Volatility: Analysing Dumps
* [I have a lot of material on Volatility and Memory Forensics here](volatility.md)
* I highly reccomend their training.
---------------
### Scripts
#### PDFs
Tools to test a PDF file:
- memdump
- pdfid - pdfid
- pdf-parser - pdf-parser
- dd
- strings
- scalpel -----------
- TrID ## References
- binwalk
- foremost * [File system analysis](http://wiki.sleuthkit.org/index.php?title=FS_Analysis)
- ExifTool * [TSK Tool Overview](http://wiki.sleuthkit.org/index.php?title=Mactime)
- Hex editors
- DFF
- CAINE
- The Sleuth Kit
- Volability

6
Forensics/memdump.md
View File

@ -1,6 +0,0 @@
## memory dump
```
strings /tmp/mem.dump | grep BOOT_
BOOT_IMAGE=/vmlinuz-3.5.0-23-generic
```

BIN
Forensics/readings/DFRWS-EU-2015-short-presentation-1.pdf Normal file
View File

Binary file not shown.

BIN
Forensics/readings/DFRWS-EU-2015-short-presentation-2.pdf Normal file
View File

Binary file not shown.

BIN
Forensics/readings/DFRWS2014-p1.pdf Normal file
View File

Binary file not shown.

9140
Forensics/readings/DFRWS2015-5.pdf Normal file
View File

File diff suppressed because one or more lines are too long

BIN
Forensics/readings/Detect_Malware_w_Memory_Forensics.pdf Normal file
View File

Binary file not shown.

BIN
Forensics/readings/ELF_Format.pdf Normal file
View File

Binary file not shown.

BIN
Forensics/readings/Facilitating-Fluffy-Forensics-Andrew-Hay.pdf Normal file
View File

Binary file not shown.

BIN
Forensics/readings/THA-Deep-Dive-Analyzing-Malware-in-Memory.pdf Normal file
View File

Binary file not shown.

BIN
Forensics/readings/hta-f01-hunting-mac-malware-with-memory-forensics.pdf Normal file
View File

Binary file not shown.

BIN
Forensics/readings/sift_cheat_sheet.pdf Normal file
View File

Binary file not shown.

BIN
Forensics/readings/tmc_sjennings_linuxcon2013.pdf Normal file
View File

Binary file not shown.

0
Forensics/pdf-parser.py → Forensics/scripts/pdf-parser.py
View File

0
Forensics/pdfid.py → Forensics/scripts/pdfid.py
View File

0
Forensics/volatility.md Normal file
View File