mirror of
https://github.com/autistic-symposium/sec-pentesting-toolkit.git
synced 2025-04-27 19:16:08 -04:00
61 lines
737 B
Markdown
61 lines
737 B
Markdown
# Forensics
|
|
|
|
## Disk Forensics
|
|
|
|
### dd
|
|
|
|
### strings
|
|
|
|
```shell
|
|
$ strings /tmp/mem.dump | grep BOOT_
|
|
$ BOOT_IMAGE=/vmlinuz-3.5.0-23-generic
|
|
```
|
|
|
|
### scalpel
|
|
|
|
### TrID
|
|
|
|
### binwalk
|
|
|
|
### foremost
|
|
|
|
### ExifTool
|
|
|
|
### Hex editors
|
|
|
|
### dff
|
|
|
|
### CAINE
|
|
|
|
### The Sleuth Kit
|
|
|
|
|
|
----------
|
|
|
|
## Memory Forensics
|
|
|
|
### memdump
|
|
|
|
|
|
|
|
### Volatility: Analysing Dumps
|
|
|
|
* [I have a lot of material on Volatility and Memory Forensics here](volatility.md)
|
|
* I highly reccomend their training.
|
|
|
|
---------------
|
|
### Scripts
|
|
|
|
#### PDFs
|
|
Tools to test a PDF file:
|
|
|
|
- pdfid
|
|
- pdf-parser
|
|
|
|
|
|
-----------
|
|
## References
|
|
|
|
* [File system analysis](http://wiki.sleuthkit.org/index.php?title=FS_Analysis)
|
|
* [TSK Tool Overview](http://wiki.sleuthkit.org/index.php?title=Mactime)
|