1. Summary or Introduction (Summary of the technical report)
2. Image Data
Information on the images received:
04-JBRWWW-DatosVolatiles - sha1 - 9a4eb15b5369edb8cd963d116bfed5f75516bdfe
JBRWWW.cleansed.dd - sha1 - 234781345ce38e1d6be136ebf48961fe5393fd6e
Tool used for hashing: Microsoft File Checksum Integrity Verifier (FCIV)
Reference: http://support.microsoft.com/kb/841290

3. Software Tools Used:
● Autopsy
● AccessData FTK (version not stated)
● EnCase
● John the Ripper
● Ophcrack
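Before any analysis starts, the received images should be re-hashed and compared against the values recorded above, so that every later finding can be tied to an unmodified copy. The report used FCIV on Windows; the script below is an added example, not part of the original report, that repeats the same check in Python so it runs on any platform: it streams each image through SHA-1 in 1 MiB chunks (a 4 GB .dd must not be read into memory at once), compares the digest against a manifest copied from section 2, and reports MISSING rather than crashing when a file is absent. The evidence directory is assumed to be passed as the first command-line argument.

```python
import hashlib
import hmac
from pathlib import Path

# Manifest of the images received, copied from section 2 of this report.
IMAGE_MANIFEST = {
    "04-JBRWWW-DatosVolatiles": "9a4eb15b5369edb8cd963d116bfed5f75516bdfe",
    "JBRWWW.cleansed.dd": "234781345ce38e1d6be136ebf48961fe5393fd6e",
}

CHUNK = 1024 * 1024  # hash the image in 1 MiB pieces so a multi-GB .dd never lands in RAM


def sha1_of_file(path):
    """Stream the file through SHA-1 and return the lowercase hex digest."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(path, expected_sha1):
    """True when the on-disk image still matches the digest recorded at hand-over.
    Case-insensitive because FCIV and other tools differ in hex case."""
    actual = sha1_of_file(path)
    return hmac.compare_digest(actual.lower(), expected_sha1.lower())


def verify_manifest(evidence_dir, manifest=IMAGE_MANIFEST):
    """Check every image named in the manifest inside evidence_dir.
    Returns {image_name: 'OK' | 'MISMATCH' | 'MISSING'}; a missing file is a
    result to record, not an exception to crash on."""
    results = {}
    for name, digest in manifest.items():
        path = Path(evidence_dir) / name
        if not path.is_file():
            results[name] = "MISSING"
        elif verify_image(path, digest):
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    return results


if __name__ == "__main__":
    import sys
    # Assumed usage: python verify_images.py <evidence_dir>
    evidence_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, status in verify_manifest(evidence_dir).items():
        print(f"{status:9s} {name}")
```

Record the script's output alongside the FCIV output in the case notes; two independent tools agreeing on the same digest is stronger chain-of-custody evidence than either alone.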
Forensic Analysis: Volatile Information
4. Volatile Data Information
5. Analysis Date
        Start               End
Date    Wed 10/01/2003      Wed 10/01/2003
Time    21:58:19.29         21:58:50.27
6. Legend
Malicious files
Suspicious files
Forensic data-collection files
7. System Information – psinfo
Uptime:                   0 days, 4 hours, 36 minutes, 20 seconds
Kernel version:           Microsoft Windows 2000, Uniprocessor Free
Product type:             Professional
Product version:          5.0
Service pack:             (not recorded)
Kernel build number:      2195
Registered organization:  JBR Bank
Registered owner:         JBR Bank
Install date:             8/23/2003, 12:46:00 PM
IE version:               5.0100
System root:              C:\WINNT
Processors:               1
Processor speed:          435 MHz
Processor type:           Intel Pentium II or Celeron
Physical memory:          126 MB

Volume  Type       Format  Label   Size      Free     Free
A:      Removable                                     0.00%
C:      Fixed      NTFS            4.0 GB    3.2 GB   80.00%
D:      CD-ROM     CDFS    CDROM   272.8 MB           0.00%

OS Hot Fix   Installed
Q147222      8/23/2003

Applications
WebFldrs 9.00.3501
8. Network Information – ipconfig
Host Name:               jbrwww
Primary DNS Suffix:
Node Type:               Broadcast
IP Routing Enabled:      No
WINS Proxy Enabled:      No
DNS Suffix Search List:  jbrbank.com

Local Area Connection adapter information
Connection-specific DNS Suffix:  jbrbank.com
Description:                     3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
Physical Address:                00-C0-4F-1C-10-2B
DHCP Enabled:                    Yes
Autoconfiguration Enabled:       Yes
IP Address:                      103.98.91.41
Subnet Mask:                     255.255.255.0
Default Gateway:                 103.98.91.1
DHCP Server:                     103.98.91.1
DNS Servers:                     103.98.91.1
Lease Obtained:                  Saturday, August 23, 2003 3:55:31 PM
Lease Expires:                   Tuesday, August 26, 2003 3:55:31 PM
9. Network Information
10. NetBIOS Information – Shared Resources – nbtstat -c
NetBIOS Remote Cache Name Table
Name            Type     Host Address     Life [sec]
95.208.123.64   UNIQUE   95.208.123.64    562
11. Active Connections – netstat -na
Note: 103.98.91.200 - shared resource!

Protocol  Local Address        Remote Address        State
TCP       103.98.91.41:445     95.208.123.64:3762    ESTABLISHED
TCP       103.98.91.41:1033    95.208.123.64:21      CLOSE_WAIT
TCP       103.98.91.41:1174    95.145.128.17:6667    ESTABLISHED
TCP       103.98.91.41:1465    95.208.123.64:3753    ESTABLISHED
TCP       103.98.91.41:3992    95.208.123.64:445     TIME_WAIT
TCP       103.98.91.41:4151    103.98.91.200:2222    ESTABLISHED
TCP       103.98.91.41:60906   95.16.3.23:1048       ESTABLISHED
12. Users Logged On – psloggedon
Logon time          User
08/23/03 03:32 PM   JBRWWW\Administrator
10/01/03 09:52 PM   (null)\ADMINISTRATOR
Z:/
13. Routing Table – route
Network Destination  Netmask          Gateway        Interface      Metric
0.0.0.0              0.0.0.0          103.98.91.1    103.98.91.41   1
103.98.91.0          255.255.255.0    103.98.91.41   103.98.91.41   1
103.98.91.41         255.255.255.255  127.0.0.1      127.0.0.1      1
103.255.255.255      255.255.255.255  103.98.91.41   103.98.91.41   1
127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
224.0.0.0            224.0.0.0        103.98.91.41   103.98.91.41   1
255.255.255.255      255.255.255.255  103.98.91.41   103.98.91.41   1
Default Gateway: 103.98.91.1
14. Open Ports
Protocol  Port
TCP       7, 9, 13, 17, 19, 21, 25, 80, 135, 443, 445, 515, 1025, 1027, 1030, 1031, 1033, 1174, 1465, 1801, 3372, 4151, 60906, 139, 1029, 2103, 2105, 2107, 4150
UDP       7
UDP       ... (the remaining UDP entries are cut off in the source)
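The connection table in section 11 and the open-port list above are the two volatile artifacts an analyst cross-references first: every open port should be explained either by a known service or by the local end of a connection that is still in the table, and anything left over must be mapped to a process before the box is trusted. The script below is an added example, not part of the original report. It parses raw netstat -na text (the seven connections from section 11 are re-typed as constructed input, header line included), applies triage heuristics that are my own assumptions rather than findings of the report (IRC on 6667, SMB crossing the local /24 taken from the ipconfig section, a half-closed FTP session, ephemeral-to-ephemeral tuples), and then classifies each listed TCP port. The KNOWN_TCP service map is a general IANA/Windows assignment table and the 1024-1100 "RPC dynamic endpoint" range is a rule of thumb; neither is stated by the report.

```python
import ipaddress
from collections import namedtuple

# Constructed input: the seven connections from the netstat -na table in section 11,
# re-typed in the column layout netstat prints (header line included on purpose).
NETSTAT_LINES = """\
  Proto  Local Address        Foreign Address      State
  TCP    103.98.91.41:445     95.208.123.64:3762   ESTABLISHED
  TCP    103.98.91.41:1033    95.208.123.64:21     CLOSE_WAIT
  TCP    103.98.91.41:1174    95.145.128.17:6667   ESTABLISHED
  TCP    103.98.91.41:1465    95.208.123.64:3753   ESTABLISHED
  TCP    103.98.91.41:3992    95.208.123.64:445    TIME_WAIT
  TCP    103.98.91.41:4151    103.98.91.200:2222   ESTABLISHED
  TCP    103.98.91.41:60906   95.16.3.23:1048      ESTABLISHED
"""

# The TCP ports listed as open in section 14 (the UDP list is cut off in the report).
OPEN_TCP_PORTS = [7, 9, 13, 17, 19, 21, 25, 80, 135, 443, 445, 515, 1025, 1027, 1030, 1031,
                  1033, 1174, 1465, 1801, 3372, 4151, 60906, 139, 1029, 2103, 2105, 2107, 4150]

# Services a Windows 2000 server commonly exposes (assumed general table, not from the report).
KNOWN_TCP = {7: "echo", 9: "discard", 13: "daytime", 17: "qotd", 19: "chargen", 21: "ftp",
             25: "smtp", 80: "http", 135: "epmap (RPC)", 139: "netbios-ssn", 443: "https",
             445: "microsoft-ds (SMB)", 515: "lpd", 1801: "msmq", 2103: "msmq-rpc",
             2105: "msmq-rpc", 2107: "msmq-rpc", 3372: "msdtc"}

LOCAL_NET = ipaddress.ip_network("103.98.91.0/24")   # host address and mask from section 8

Conn = namedtuple("Conn", "proto laddr lport raddr rport state")


def _split(endpoint):
    host, port = endpoint.rsplit(":", 1)
    return host, (int(port) if port.isdigit() else 0)   # UDP prints '*:*' as the foreign end


def parse_netstat(text):
    """Turn raw 'netstat -na' output into Conn tuples, skipping headers and blank lines."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        laddr, lport = _split(parts[1])
        raddr, rport = _split(parts[2])
        state = parts[3] if len(parts) > 3 else ""
        conns.append(Conn(parts[0], laddr, lport, raddr, rport, state))
    return conns


def _external(addr):
    try:
        return ipaddress.ip_address(addr) not in LOCAL_NET
    except ValueError:           # '*' placeholder on unconnected sockets
        return False


def triage_connection(c):
    """Heuristic reasons (assumed, not from the report) why a connection merits follow-up.
    An empty list means nothing about the 5-tuple itself looks unusual."""
    if c.state == "LISTENING" or c.rport == 0:
        return []                # listeners are handled by triage_open_ports()
    reasons = []
    ext = _external(c.raddr)
    if 6667 in (c.lport, c.rport):
        reasons.append("IRC (6667): classic bot command-and-control channel")
    if c.lport == 445 and ext:
        reasons.append("inbound SMB (445) from outside the local /24")
    if c.rport == 445 and ext:
        reasons.append("outbound SMB (445) to an external host")
    if c.rport == 21 and c.state == "CLOSE_WAIT":
        reasons.append("FTP control session to a remote server left half-closed")
    if c.lport >= 1024 and c.rport >= 1024 and c.rport not in KNOWN_TCP:
        reasons.append("neither end is a standard service port")
    return reasons


def triage_open_ports(ports, conns):
    """Classify each open TCP port: known service, local end of an active connection,
    probable RPC dynamic endpoint, or unexplained (map it to a process before deciding)."""
    active_local = {c.lport for c in conns if c.proto == "TCP"}
    verdict = {}
    for p in sorted(set(ports)):
        if p in KNOWN_TCP:
            verdict[p] = "known: " + KNOWN_TCP[p]
        elif p in active_local:
            verdict[p] = "ephemeral: local end of an active connection"
        elif 1024 <= p <= 1100:
            verdict[p] = "probable RPC dynamic endpoint (assumption; confirm with a port-to-process tool)"
        else:
            verdict[p] = "unexplained: no known service and no active connection"
    return verdict


if __name__ == "__main__":
    conns = parse_netstat(NETSTAT_LINES)
    for c in conns:
        for why in triage_connection(c):
            print(f"{c.laddr}:{c.lport} -> {c.raddr}:{c.rport} [{c.state}] {why}")
    for port, what in triage_open_ports(OPEN_TCP_PORTS, conns).items():
        print(f"TCP/{port:<6} {what}")
```

Every one of the seven connections trips at least one heuristic, which is the expected picture for a host whose netstat output the report itself marks as suspicious; the value of the port pass is the residue it leaves (here 4150 and the 1025-1031 group), which is exactly the set that has to be tied to a process before the volatile snapshot is closed out.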