mirror of
https://github.com/autistic-symposium/sec-pentesting-toolkit.git
synced 2025-04-26 18:49:08 -04:00
# Forensics

## Disk Forensics

Basic useful CLI tools:
### ps

Show the processes for all users (`a`), display the process's user/owner (`u`), and include processes that are not attached to a terminal (`x`):

```sh
$ ps aux
```

Display the full listing of all processes (useful for finding undesirable processes):

```sh
$ ps -ef
```
### lsof

Display a specific process in more detail, listing the files and ports associated with that process (`<pid>` is a placeholder for the process ID):

```sh
$ lsof -p <pid>
```

Display processes running from, or accessing, files that have been unlinked (link count less than 1):

```sh
$ lsof +L1
```
### find

Find all files on the system owned by root (uid 0):

```sh
$ find / -uid 0
```
### arp

Display all MAC-to-IP address mappings known to the system (useful for finding addresses of systems that are not part of the network):

```sh
$ arp -a
```

Others: `uptime`, `free`, `df`.
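The `lsof +L1` check above relies on `lsof` being installed and trustworthy on the box under investigation. The following is an added example (not part of the original toolkit) that reproduces the same check directly from `/proc`: the kernel appends ` (deleted)` to the link target of `exe` and of any `fd/*` entry whose file has been unlinked, so a process still running from, or holding open, a removed file shows up. The `procroot` parameter is an assumption of this example so the function can be pointed at a copied or constructed proc tree as well as the live `/proc`.

```shell
#!/bin/sh
# Added example: approximate `lsof +L1` by reading /proc link targets.
# Prints "PID TARGET" for every executable or open file descriptor whose
# backing file has been unlinked (target ends in " (deleted)").
find_unlinked() {
  procroot="${1:-/proc}"          # default: live /proc; any proc-like tree works
  for d in "$procroot"/[0-9]*; do
    [ -d "$d" ] || continue       # skip the literal glob when nothing matches
    pid="${d##*/}"
    # Check the main executable and every open file descriptor.
    for link in "$d/exe" "$d"/fd/*; do
      # readlink fails on processes we may not inspect; just move on.
      target=$(readlink "$link" 2>/dev/null) || continue
      case "$target" in
        *" (deleted)") printf '%s %s\n' "$pid" "$target" ;;
      esac
    done
  done
}

# Stand-alone use: scan the live system (or a proc tree given as $1).
find_unlinked "$@"
```

Run it as root for full coverage; unprivileged runs silently skip other users' processes because their `exe` and `fd` links are not readable. The hits are the same class of artefact `lsof +L1` reports, so the output is a good starting point for `lsof -p <pid>` on each process listed.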
### dd

### strings

Pull printable strings out of a raw memory dump and grep for a marker, for example the kernel command line:

```sh
$ strings /tmp/mem.dump | grep BOOT_
BOOT_IMAGE=/vmlinuz-3.5.0-23-generic
```
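To make clear what `strings` is actually doing on a memory image, here is an added example (not from the original toolkit) that implements the same extraction with only `tr` and `awk`: every byte that is not printable ASCII is turned into a line break, and runs shorter than the minimum length (4, as `strings(1)` defaults to) are dropped. The `mem_strings` and `grep_strings` function names are this example's own; the sample dump in the usage is constructed.

```shell
#!/bin/sh
# Added example: a minimal strings(1)-style extractor for raw images,
# plus a prefix filter that reproduces `strings dump | grep BOOT_`.
mem_strings() {
  # $1: file to scan; $2: minimum run length (default 4, as strings(1))
  # LC_ALL=C keeps tr byte-oriented so multibyte locales do not mangle
  # the binary input; [:print:] is ASCII 0x20-0x7e in the C locale.
  LC_ALL=C tr -c '[:print:]' '\n' < "$1" | awk -v n="${2:-4}" 'length($0) >= n'
}

grep_strings() {
  # $1: file to scan; $2: basic regular expression to keep
  mem_strings "$1" | grep -e "$2"
}

# Stand-alone use on a constructed dump: two NUL-separated strings plus
# short junk that must be filtered out.
if [ "$#" -eq 0 ]; then
  sample=$(mktemp)
  printf 'ab\0\0BOOT_IMAGE=/vmlinuz-3.5.0-23-generic\0\001\002zz\0hello\0' > "$sample"
  grep_strings "$sample" '^BOOT_'
  rm -f "$sample"
else
  grep_strings "$1" "${2:-.}"
fi
```

Raising the minimum length (for example `mem_strings dump 8`) is the usual way to cut noise on a multi-gigabyte image; the real `strings -n` flag does the same. Note this only finds single-byte ASCII runs, so UTF-16 strings from Windows memory need a separate pass (`strings -el` in the GNU tool).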
Other disk forensics tools:

- scalpel
- TrID
- binwalk
- foremost
- ExifTool
- dff
- CAINE
- The Sleuth Kit
## Memory Forensics

- memdump
- Volatility: analysing dumps
- Scripts
## PDFs

Tools to test a PDF file:
- pdfid
- pdf-parser