sec-pentesting-toolkit/Forensics
Last commit: 2024-11-04 19:30:49 +07:00

Directory contents (entry, last commit message, last commit date):

  IOCs                      remove dead urls, clean up readme            2024-11-04 19:30:49 +07:00
  readings                  Starting organizing my forensics material    2015-11-26 10:28:40 -08:00
  scripts                   Starting organizing my forensics material    2015-11-26 10:28:40 -08:00
  osx_memory_forensics.md   will finish later                            2015-11-26 20:06:00 -08:00
  README.md                 remove dead urls, clean up readme            2024-11-04 19:30:49 +07:00
  volatility.md             Starting organizing my forensics material    2015-11-26 10:28:40 -08:00

Forensics

Disk Forensics

Basic useful CLI tools:

ps

Show the processes of all users (a), displaying each process's user/owner (u), including processes that are not attached to a terminal (x):

$ ps aux

Display a full-format listing of every process (useful for spotting undesirable processes):

$ ps -ef

lsof

Display a specific process in more detail, listing the files and ports associated with that process (replace <PID> with the process id):

$ lsof -p <PID>

Display processes running from, or accessing, files that have been unlinked (deleted while still open):

$ lsof +L1

find

Find all files owned by root (uid 0):

$ find / -uid 0

arp

Display all MAC-to-IP address mappings known to the system (useful for finding addresses of systems that are not supposed to be part of the network):

$ arp -a

Others: uptime, free, df.
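The lsof +L1 check above is the one that most often turns up something on a compromised host: a binary that was dropped, executed and then deleted is still running and still shows up with a link count of 0. The script below is an added example for this README (not part of the toolkit itself) that parses lsof +L1 output and separates processes whose executable or mapped code is backed by an unlinked file from processes that merely hold an open handle to one (typically log rotation). The sample output is constructed, and the parser assumes the default lsof +L1 column layout (COMMAND PID USER FD TYPE DEVICE SIZE/OFF NLINK NODE NAME); proc_deleted_exes() is a Linux-only cross-check via /proc/<pid>/exe that needs no lsof at all.

```python
"""Triage helper for the `lsof +L1` check: report processes still running code
from, or holding open, files that have been unlinked from disk (NLINK 0).

Added example for this README, not part of the toolkit itself. The sample
output below is constructed, and the parser assumes the default `lsof +L1`
column layout: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NLINK NODE NAME.
"""
from __future__ import annotations

import os
from dataclasses import dataclass

# Constructed sample of `lsof +L1` output (NLINK 0 == file has been unlinked).
SAMPLE_LSOF_L1 = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NLINK   NODE NAME
sshd     1042 root  txt    REG  253,0   912424     0 131093 /usr/sbin/sshd (deleted)
kworkerd 2210 root  mem    REG  253,0    65536     0 262211 /tmp/.x (deleted)
nginx    1337 www-data 4u  REG  253,0     1024     0 393100 /var/log/nginx/access.log (deleted)
"""


@dataclass
class UnlinkedFile:
    command: str
    pid: int
    user: str
    fd: str
    path: str

    @property
    def is_code_image(self) -> bool:
        # "txt" is the program text (the executable itself), "mem" a mapped
        # file such as a shared library. Either one backed by an unlinked
        # file deserves a closer look; a plain open handle ("4u") does not
        # by itself.
        return self.fd in ("txt", "mem")


def parse_lsof_l1(text: str) -> list[UnlinkedFile]:
    """Parse `lsof +L1` output into records, skipping the header line."""
    records: list[UnlinkedFile] = []
    for line in text.splitlines()[1:]:
        # NAME is last and may contain spaces (" (deleted)"), so split at most 9 times.
        parts = line.split(None, 9)
        if len(parts) < 10:
            continue
        command, pid, user, fd, _type, _dev, _size, nlink, _node, name = parts
        if nlink != "0":
            continue
        records.append(UnlinkedFile(command, int(pid), user, fd, name))
    return records


def running_from_deleted(records: list[UnlinkedFile]) -> list[UnlinkedFile]:
    """Keep only records where the unlinked file is executable code."""
    return [r for r in records if r.is_code_image]


def proc_deleted_exes() -> list[tuple[int, str]]:
    """Linux-only cross-check that needs no lsof: /proc/<pid>/exe resolves to a
    path suffixed "(deleted)" when the running binary was unlinked. Returns
    an empty list where /proc is absent or entries are unreadable."""
    found: list[tuple[int, str]] = []
    if not os.path.isdir("/proc"):
        return found
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            target = os.readlink(f"/proc/{entry}/exe")
        except OSError:  # kernel threads, exited or unreadable processes
            continue
        if target.endswith(" (deleted)"):
            found.append((int(entry), target))
    return found


if __name__ == "__main__":
    for r in running_from_deleted(parse_lsof_l1(SAMPLE_LSOF_L1)):
        print(f"pid {r.pid} ({r.command}, {r.user}) runs {r.fd} from {r.path}")
    for pid, target in proc_deleted_exes():
        print(f"/proc check: pid {pid} -> {target}")
```

On a live host, feed the real output in with parse_lsof_l1(subprocess.check_output(["lsof", "+L1"], text=True)); the two hits in the sample (a replaced sshd binary and an unlinked mapping under /tmp) are the kind of finding that justifies a memory dump of that process before anything is touched, whereas the nginx log handle is noise.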

dd

strings

Extract readable strings from a memory dump and search them, for example for the kernel boot parameters:

$ strings /tmp/mem.dump | grep BOOT_
BOOT_IMAGE=/vmlinuz-3.5.0-23-generic

scalpel

TrID

binwalk

foremost

ExifTool

dff

CAINE

The Sleuth Kit


Memory Forensics

memdump

Volatility: Analysing Dumps

Scripts

PDFs

Tools to test a PDF file:

  • pdfid
  • pdf-parser
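What pdfid actually does in its first pass is count the PDF name objects that mark active content (/JavaScript, /OpenAction, /AA, /Launch and so on), after resolving the #xx escapes that PDF allows inside a name, because /J#61vaScript is the same name as /JavaScript and a plain grep for the literal string misses it. The scanner below is an added example for this README, not the code of pdfid or pdf-parser; the sample PDF is constructed and the keyword list is a subset of what pdfid reports. Names inside compressed object streams are not visible to a scan like this, which is why a non-zero /ObjStm count is itself a cue to go on to pdf-parser.

```python
"""pdfid-style first look at a PDF: count the name objects that signal
active content, after resolving #xx escapes inside names.

Added example for this README, not the code of pdfid or pdf-parser. The
sample PDF below is constructed; the keyword list is a subset of pdfid's.
"""
from __future__ import annotations

import re
from collections import Counter

KEYWORDS = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
            "/EmbeddedFile", "/ObjStm", "/XFA", "/URI")

# A PDF name token runs from "/" to the next whitespace or delimiter. Any byte
# in it may be written as #xx, so /J#61vaScript is the same name as
# /JavaScript; matching the raw bytes "/JavaScript" alone would miss it.
_NAME_RE = re.compile(rb"/(?:[^\s/\[\]<>(){}%]|#[0-9A-Fa-f]{2})+")
_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Resolve #xx escapes in a name token and return it as text."""
    return _HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict[str, int]:
    """Count occurrences of each keyword name in the raw (uncompressed) bytes."""
    counts: Counter[str] = Counter()
    for m in _NAME_RE.finditer(data):
        name = decode_name(m.group(0))
        if name in KEYWORDS:
            counts[name] += 1
    return {k: counts.get(k, 0) for k in KEYWORDS}


def risk_notes(counts: dict[str, int]) -> list[str]:
    """Turn the counts into the handful of observations an analyst acts on."""
    notes = []
    if counts["/JavaScript"] or counts["/JS"]:
        notes.append("contains JavaScript")
    if counts["/OpenAction"] or counts["/AA"]:
        notes.append("has an action that fires automatically (on open or on a page/annotation event)")
    if counts["/Launch"]:
        notes.append("has a /Launch action, which can start an external program")
    if counts["/EmbeddedFile"]:
        notes.append("carries an embedded file")
    if counts["/ObjStm"]:
        notes.append("uses object streams: names inside compressed streams are invisible to this scan, inspect with pdf-parser")
    return notes


# Constructed sample: a one-page PDF whose catalog runs a JavaScript action on
# open, with the /JavaScript name hex-escaped the way evasive samples do it.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /AA << /O 4 0 R >> >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (app.alert('hello')) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)


if __name__ == "__main__":
    counts = scan_pdf(SAMPLE_PDF)
    for keyword, n in counts.items():
        print(f"{keyword:<14} {n}")
    for note in risk_notes(counts):
        print("-", note)
```

Run it on a real file with scan_pdf(open(path, "rb").read()); the sample reports one each of /JavaScript, /JS, /OpenAction and /AA, which is the combination (script plus an automatic trigger) worth pulling the objects apart for.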

References