26 March 2019
03 March 2019
Disk Image Forensics
1) FTK Imager -> multiple raw files (split raw image segments)
For Mount
1) mount
ref:
1) https://forensicsferret.wordpress.com/2010/06/28/mounting-split-raw-and-encase-segmented-files-with-affuse/
2) https://digital-forensics.sans.org/blog/2010/09/15/dealing-split-raw-type-images
2) affuse -> /mnt/fuse/multipleRawFile.001.raw
3) mmls (to find the partition offset)
4) losetup -> /dev/loop0 (use the partition offset)
5) file -s /dev/loop0 (check partition format)
For Timeline
1) fls -r -m C: /dev/loop0 > fls-bodyfile.txt
Then you can create timeline:
mactime -z UTC -y -d -b fls-bodyfile.txt 1500-01-01..2020-01-01 > mactimeline.csv
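As an added example (not part of the original notes), a small Python script that does what the mactime step above does to the fls bodyfile: it parses the 11-field body format, collapses identical m/a/c/b timestamps of one file into a single row with macb flags, applies the UTC date range filter, and emits CSV. The bodyfile lines embedded below are constructed sample data, not output from a real image.

```python
"""Mini mactime: turn an fls bodyfile into a UTC timeline (added example)."""
from datetime import datetime, timezone

# Constructed sample lines in the format written by `fls -r -m C: /dev/loop0`:
# MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime (times are UNIX epoch)
SAMPLE_BODYFILE = """\
0|C:/Windows/System32/config/SAM|12345-128-1|r/rrwxrwxrwx|0|0|262144|1551398400|1551398400|1551398400|1262304000
0|C:/Users/alice/Desktop/notes.txt|67890-128-3|r/rrwxrwxrwx|0|0|512|1551484800|1551400000|1551400000|1551400000
0|C:/$OrphanFiles/old.dll|11111-128-2|r/rrwxrwxrwx|0|0|4096|2000000000|2000000000|2000000000|2000000000
"""

def parse_bodyfile(text):
    """Yield one dict per bodyfile line; lines without exactly 11 fields are skipped."""
    for line in text.splitlines():
        fields = line.split("|")
        if len(fields) != 11:
            continue
        _md5, name, inode, mode, uid, gid, size, atime, mtime, ctime, crtime = fields
        yield {"name": name, "inode": inode, "mode": mode, "uid": uid, "gid": gid,
               "size": int(size),
               "times": {"m": int(mtime), "a": int(atime), "c": int(ctime), "b": int(crtime)}}

def build_timeline(text, start="1500-01-01", end="2020-01-01"):
    """Return sorted mactime-style rows: (date, size, macb, mode, uid, gid, inode, name)."""
    # Aware datetimes make .timestamp() independent of the analyst's local zone (mactime -z UTC).
    lo = datetime.fromisoformat(start).replace(tzinfo=timezone.utc).timestamp()
    hi = datetime.fromisoformat(end).replace(tzinfo=timezone.utc).timestamp()
    rows = []
    for entry in parse_bodyfile(text):
        # One row per distinct timestamp; the flags show which of m/a/c/b share that time.
        by_time = {}
        for flag, ts in entry["times"].items():
            by_time.setdefault(ts, set()).add(flag)
        for ts, flags in by_time.items():
            if not lo <= ts < hi:  # range filter, like mactime's 1500-01-01..2020-01-01
                continue
            macb = "".join(f if f in flags else "." for f in "macb")
            date = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
            rows.append((date, entry["size"], macb, entry["mode"], entry["uid"],
                         entry["gid"], entry["inode"], entry["name"]))
    return sorted(rows)

if __name__ == "__main__":
    print("Date,Size,Type,Mode,UID,GID,Meta,File Name")
    for row in build_timeline(SAMPLE_BODYFILE):
        print(",".join(map(str, row)))
```

The third sample line carries a timestamp in 2033, so it is dropped by the range filter; that is exactly the kind of corrupted or deliberately set future time the upper bound in the mactime command above is there to keep out of the timeline.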
01 March 2019
Commands for exploitation
/usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 5010
/usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -q
First create folder: !mona config -set workingfolder c:\logs\%p
Command generate: !mona bytearray
!mona compare -f C:\ -a
!mona find -type instr -s "jmp esp" -b 0x6250800
msfvenom -a x86 --platform windows -p windows/messagebox TEXT="say hi" -f python -b "\x00" -v buf