Informatica
Páginas: 4 (833 palabras)
Publicado: 14 de marzo de 2011
Craiger's Cyberforensic Commandline Cheatsheet (C4)
1. Create a forensic image # dd if=/dev/hda1 of=forensic.dd bs=4096 conv=noerror,notrunc,sync 2. Create forensic image over network Client: # ddif=/dev/hda1 | nc 192.168.1.100 9999 -w 3 Client: # cat /dev/hda1 | nc 192.168.1.100 9999 -w 3 Server: # nc -l -v -p 9999 > forensic.dd Server:# netcat –l –v –p 9999 > forensic.dd 3. Mount an imageread-only # mount -t ntfs -o ro,loop,noatime,noexec,nodev image.dd /mnt/evidence # mount -t vfat -o ro,loop,noatime,noexec,nodev image.dd /mnt/evidence 4. Unmount the same image # umount /mnt/evidence 5.Find all files that contain the word marijuana (ignore case) # grep -r -i marijuana * // -r is for recursive, -i is for case insensitive # grep -r -i marijuana *.doc // find marijuana in all filesending with *.doc # grep -r -i -f keywords.txt * // fgrep, keywords.txt contains multiple keywords 6. Find MS Word files accessed in the last five minutes # find . -name '*.doc' -amin -5 7. Find MS Wordfiles accessed in the last five days # find . -name '*.doc' -atime -5 8. Find MS Excel files created more than 10 days ago # find . -name '*.xls' -atime +10 9. Find MS PowerPoint files accessed inthe last 10 minutes # find . -name '*.ppt' -amin -10 10.Find all JPG files that were created in the last 10 days. # find . -type f -ctime -10 -print0 | xargs -0 file | grep 'JFIF' 11.Find graphics filesthat are hidden # find / -type f ! \( -name '*.jpg' -or -name '*.bmp' -or -name '*.png' \) -print0 | xargs -0 file | grep -i -f graphics.keywords > hidden.file.list
© 2004 Philip Craiger Craiger's Cyberforensic Commandline Cheatsheet (C4)
12.Find credit card numbers # egrep “[45]###[- ]*###[- ]*###[- ]*” # grep “####-####-####-####” 13.Find Window’s OS version on Windows 9X/ME # grep –a‘RegisteredOwner’ –C 4 system.dat | strings # grep –a ‘ProductName’ –C 2 /windows/system.dat | strings > file.txt INCIDENT RESPONSE From: Craiger, J.P. (2004). Computer forensics procedures and...
1. Create a forensic image # dd if=/dev/hda1 of=forensic.dd bs=4096 conv=noerror,notrunc,sync 2. Create forensic image over network Client: # ddif=/dev/hda1 | nc 192.168.1.100 9999 -w 3 Client: # cat /dev/hda1 | nc 192.168.1.100 9999 -w 3 Server: # nc -l -v -p 9999 > forensic.dd Server:# netcat –l –v –p 9999 > forensic.dd 3. Mount an imageread-only # mount -t ntfs -o ro,loop,noatime,noexec,nodev image.dd /mnt/evidence # mount -t vfat -o ro,loop,noatime,noexec,nodev image.dd /mnt/evidence 4. Unmount the same image # umount /mnt/evidence 5.Find all files that contain the word marijuana (ignore case) # grep -r -i marijuana * // -r is for recursive, -i is for case insensitive # grep -r -i marijuana *.doc // find marijuana in all filesending with *.doc # grep -r -i -f keywords.txt * // fgrep, keywords.txt contains multiple keywords 6. Find MS Word files accessed in the last five minutes # find . -name '*.doc' -amin -5 7. Find MS Wordfiles accessed in the last five days # find . -name '*.doc' -atime -5 8. Find MS Excel files created more than 10 days ago # find . -name '*.xls' -atime +10 9. Find MS PowerPoint files accessed inthe last 10 minutes # find . -name '*.ppt' -amin -10 10.Find all JPG files that were created in the last 10 days. # find . -type f -ctime -10 -print0 | xargs -0 file | grep 'JFIF' 11.Find graphics filesthat are hidden # find / -type f ! \( -name '*.jpg' -or -name '*.bmp' -or -name '*.png' \) -print0 | xargs -0 file | grep -i -f graphics.keywords > hidden.file.list
© 2004 Philip Craiger Craiger's Cyberforensic Commandline Cheatsheet (C4)
12.Find credit card numbers # egrep “[45]###[- ]*###[- ]*###[- ]*” # grep “####-####-####-####” 13.Find Window’s OS version on Windows 9X/ME # grep –a‘RegisteredOwner’ –C 4 system.dat | strings # grep –a ‘ProductName’ –C 2 /windows/system.dat | strings > file.txt INCIDENT RESPONSE From: Craiger, J.P. (2004). Computer forensics procedures and...
Leer documento completo
Regístrate para leer el documento completo.