Kali Linux Penetration Testing 150 Introduction to Computer Forensics

This article records in detail the process of learning and using Kali Linux 2018.1 for penetration testing. The material follows the course "Kali Linux Penetration Testing" from the Security Niu Classroom.

Kali Linux Penetration Testing (Yuan Fanghong) Blog Record

1. Introduction

  • Forensic investigation
  • Incident response investigation

    • Traces left behind by hacking and by penetration testing
  • What is forensics?

    • Forensics, forensic science, forensic identification: different names for the same discipline
    • A set of scientific methods for collecting evidence admissible in court, in order to solve a case and reconstruct what actually happened
      • Follow the local legal requirements
      • General principles of practice
  • CSI: physical forensics

    • Fingerprints, DNA, ballistics, bloodstains
    • The theoretical basis for obtaining evidence is the principle of material exchange (Locard's exchange principle: every contact leaves a trace)
  • This chapter focuses on: digital forensics / computer forensics

    • Objects of study: smart devices, computers, mobile phones, tablets, IoT devices, wired and wireless channels, storage media

2. General principles

  • Maintain evidence integrity
    • Digital forensics has an advantage over physical forensics: an unlimited number of exact copies can be made for analysis
    • A cryptographic hash of the data verifies that it has not changed
  • Maintain the chain of custody
    • Physical evidence is kept in evidence bags, and every time it is taken out this is strictly recorded, to avoid damage and contamination
    • The original digital evidence is write-protected; analysis is done only on copies
  • Standard operating procedures
    • Evidence is handled strictly according to the standard process, even if that process is later shown to be flawed (following it protects the investigator from liability)
  • Document the entire process of the forensic analysis

  • The motto of digital forensics

    • Do not disturb the data scene (sounds simple; in practice impossible to achieve completely)
    • Volatile data such as registers, CPU caches and I/O device caches is almost impossible to acquire
    • System memory (RAM) is the main volatile medium examined in forensics; its contents cannot be acquired without altering them, because the acquisition tool itself runs in memory
    • Non-volatile storage media are usually preserved as complete images
    • Normal shutdown or pulling the power: either choice loses or damages some data (a clean shutdown writes to disk and clears memory; pulling the plug loses unflushed data)
  • Searching for evidence, step by step
    • Data: the raw bits collected
    • Information: data given meaning and context
    • Evidence: information that is relevant to the case and admissible
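The integrity and chain-of-custody principles above map directly onto a small workflow: hash the original, write-protect it, hand out only hash-verified working copies, and log every handling step. The following is an added example written for these notes, not code from the course or from Security Niu; the image file is a constructed stand-in written to a temporary directory, and the helper names (seal_original, make_working_copy, CustodyLog) are this example's own.

```python
"""Evidence integrity and chain of custody (added example, not course code).

The "disk image" is a small constructed file in a temp directory; the helper
names (seal_original, make_working_copy, CustodyLog) are this example's own.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # stream in 1 MiB blocks so multi-GB images never sit in memory


def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def seal_original(path):
    """Hash the original and make it read-only: the original is never analysed directly."""
    digest = sha256_file(path)
    os.chmod(path, 0o444)  # software write-protect; for real media also use a hardware write blocker
    return digest


def make_working_copy(original, copy_path, expected_sha256):
    """Copy the sealed original and refuse to hand out a copy whose hash does not match."""
    shutil.copyfile(original, copy_path)
    actual = sha256_file(copy_path)
    if actual != expected_sha256:
        os.remove(copy_path)
        raise ValueError(f"copy hash {actual} != original {expected_sha256}")
    return actual


def verify_evidence(path, expected_sha256):
    """Integrity check to run before and after every analysis session."""
    return sha256_file(path) == expected_sha256


class CustodyLog:
    """Append-only JSON-lines log: who handled which item, when, and the hash at that moment."""

    def __init__(self, path):
        self.path = path

    def record(self, evidence_id, action, handler, sha256):
        entry = {"time": datetime.now(timezone.utc).isoformat(), "evidence": evidence_id,
                 "action": action, "handler": handler, "sha256": sha256}
        with open(self.path, "a", encoding="utf-8") as f:
            f.write(json.dumps(entry) + "\n")
        return entry

    def entries(self):
        with open(self.path, encoding="utf-8") as f:
            return [json.loads(line) for line in f if line.strip()]


def demo():
    """Acquire, seal, copy, analyse, then detect a working copy that a tool has modified."""
    workdir = tempfile.mkdtemp(prefix="evidence-")
    try:
        original = os.path.join(workdir, "disk.img")
        with open(original, "wb") as f:  # constructed stand-in for an acquired disk image
            f.write(b"\x00" * 4096 + b"suspect-file-contents" + b"\xff" * 4096)
        log = CustodyLog(os.path.join(workdir, "custody.jsonl"))

        original_hash = seal_original(original)
        log.record("IMG-001", "acquired and sealed", "examiner A", original_hash)

        copy = os.path.join(workdir, "disk-work.img")
        copy_hash = make_working_copy(original, copy, original_hash)
        log.record("IMG-001", "working copy issued", "examiner A", copy_hash)

        with open(copy, "r+b") as f:  # simulate a careless analysis tool writing to the copy
            f.seek(4096)
            f.write(b"X")
        copy_intact = verify_evidence(copy, original_hash)
        original_intact = verify_evidence(original, original_hash)
        log.record("IMG-001", "copy integrity check", "examiner B", sha256_file(copy))

        return {"original_sha256": original_hash, "copy_sha256": copy_hash,
                "copy_intact_after_analysis": copy_intact,
                "original_intact": original_intact, "log_entries": len(log.entries())}
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the demo is the last step: the modified working copy fails verification while the sealed original still matches, and the custody log shows who held the item when the hash changed. In real casework the hash of the original is also computed by a second tool and recorded on paper or in a signed report, so the log itself is not the only witness.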

3. Forensic Science

  • As a security practitioner
    • Reconstructing the trajectory of an intrusion through forensics
    • Forensics as the criterion that separates penetration testing from hacking
      • Jiayuan incident
      • Evernote penetration-testing incident

4. Forensic Methods

  • Live forensics (the system is still running)
    • Collect file metadata, build a timeline, capture command history, analyze log files, hash everything collected, and transfer it off the host
    • Memory information (capture a memory image)
    • Perform the collection with known-clean programs carried on a USB stick or network share, and write the collected data to that USB stick/network storage rather than to the evidence host
  • Dead forensics (post-mortem, after shutdown)
    • After shutdown, make a full image of the hard disk and analyze the image (partition schemes: MBR, GPT, LVM)
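Dead-box analysis starts with the partition tables of the image, and the two schemes named above behave differently: the MBR has no integrity check at all, while a GPT carries CRC32s over both its header and its partition array. The following parser is an added example written for these notes, not course code; the two disk images it parses are constructed in memory (a classic MBR with a Linux root and swap, and a protective MBR plus GPT with one EFI System Partition), and the offsets and struct layouts follow the MBR and UEFI GPT on-disk formats.

```python
"""Partition-table parsing for a disk image: classic MBR, and GPT behind a protective MBR.
Added example, not course code; both images below are constructed in memory."""
import struct
import uuid
import zlib

SECTOR = 512
MBR_TYPES = {0x05: "extended", 0x07: "NTFS/exFAT", 0x0C: "FAT32 (LBA)", 0x82: "Linux swap",
             0x83: "Linux", 0x8E: "Linux LVM", 0xEE: "GPT protective", 0xEF: "EFI system"}
# GPT header: signature, revision, header size, header CRC32, reserved, current/backup LBA,
# first/last usable LBA, disk GUID, entry array LBA, entry count, entry size, array CRC32
GPT_HEADER = "<8sIII4xQQQQ16sQIII"
GPT_ENTRY = "<16s16sQQQ72s"  # type GUID, partition GUID, first/last LBA, attributes, UTF-16LE name


def parse_mbr(sector0):
    """Return the non-empty entries of the 4-slot MBR table (the MBR has no checksum)."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", sector0, 446 + 16 * slot)
        if ptype == 0:
            continue
        parts.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                      "type_name": MBR_TYPES.get(ptype, "unknown"),
                      "start_lba": start, "sectors": count})
    return parts


def parse_gpt(image):
    """Parse the primary GPT header at LBA 1 and its entry array, verifying both CRC32s."""
    hdr = image[SECTOR:2 * SECTOR]
    (sig, _rev, hsize, hcrc, _cur, backup, _first, _last, disk_guid,
     array_lba, count, esize, acrc) = struct.unpack_from(GPT_HEADER, hdr)
    if sig != b"EFI PART":
        raise ValueError("no GPT header at LBA 1")
    zeroed = hdr[:16] + b"\x00" * 4 + hdr[20:hsize]  # CRC covers the header with its CRC field zeroed
    if zlib.crc32(zeroed) != hcrc:
        raise ValueError("GPT header CRC32 mismatch")
    array = image[array_lba * SECTOR:array_lba * SECTOR + count * esize]
    if zlib.crc32(array) != acrc:
        raise ValueError("GPT partition array CRC32 mismatch")
    parts = []
    for i in range(count):
        type_guid, part_guid, first, last, attrs, name = struct.unpack_from(GPT_ENTRY, array, i * esize)
        if type_guid == b"\x00" * 16:
            continue  # unused entry
        parts.append({"index": i, "type_guid": str(uuid.UUID(bytes_le=type_guid)),
                      "guid": str(uuid.UUID(bytes_le=part_guid)), "first_lba": first,
                      "last_lba": last, "attributes": attrs,
                      "name": name.decode("utf-16-le").rstrip("\x00")})
    return {"disk_guid": str(uuid.UUID(bytes_le=disk_guid)), "backup_header_lba": backup,
            "partitions": parts}


def parse_image(image):
    """A lone type-0xEE entry is a protective MBR: the real table is the GPT."""
    mbr = parse_mbr(image[:SECTOR])
    if len(mbr) == 1 and mbr[0]["type"] == 0xEE:
        return {"scheme": "GPT", "protective_mbr": mbr, **parse_gpt(image)}
    return {"scheme": "MBR", "partitions": mbr}


def detects_tampering(image, offset):
    """Flip one bit at `offset` and report whether parsing rejects the altered image."""
    img = bytearray(image)
    img[offset] ^= 0x01
    try:
        parse_image(bytes(img))
    except ValueError:
        return True
    return False


# --- constructed sample images (not from a real disk) ---------------------------------
def _mbr_entry(status, ptype, start, count):
    return struct.pack("<B3sB3sII", status, b"\xff\xff\xff", ptype, b"\xff\xff\xff", start, count)


def build_mbr_image():
    """Bootable Linux root followed by swap; only sector 0 matters for the table."""
    table = _mbr_entry(0x80, 0x83, 2048, 1_000_000) + _mbr_entry(0x00, 0x82, 1_002_048, 200_000)
    return b"\x00" * 446 + table.ljust(64, b"\x00") + b"\x55\xaa"


def build_gpt_image():
    """Protective MBR, GPT header at LBA 1, 128-entry array at LBA 2 with one EFI System Partition."""
    total = 2_097_152  # sectors, i.e. a 1 GiB disk
    esp_type = uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b")  # EFI System Partition type GUID
    entry = struct.pack(GPT_ENTRY, esp_type.bytes_le,
                        uuid.UUID("11111111-2222-3333-4444-555555555555").bytes_le,
                        2048, 1_050_623, 0, "EFI".encode("utf-16-le"))
    array = entry.ljust(128 * 128, b"\x00")
    fields = [b"EFI PART", 0x00010000, 92, 0, 1, total - 1, 34, total - 34,
              uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee").bytes_le, 2, 128, 128, zlib.crc32(array)]
    fields[3] = zlib.crc32(struct.pack(GPT_HEADER, *fields))  # header CRC computed with the field zeroed
    mbr = b"\x00" * 446 + _mbr_entry(0x00, 0xEE, 1, total - 1).ljust(64, b"\x00") + b"\x55\xaa"
    return mbr + struct.pack(GPT_HEADER, *fields).ljust(SECTOR, b"\x00") + array


if __name__ == "__main__":
    for img in (build_mbr_image(), build_gpt_image()):
        print(parse_image(img))
```

To run it on a real image made with dd, read the first few MiB of the file into `image` and call `parse_image`; a disk with 4 KiB sectors needs `SECTOR` changed accordingly. The `detects_tampering` helper makes the difference between the schemes visible: a flipped bit in a GPT header or entry is rejected by the CRC, while the same change to an MBR start LBA is parsed silently, which is one reason the image hash from the integrity step matters even when the partition table looks sane.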

Origin http://43.154.161.224:23101/article/api/json?id=325569846&siteId=291194637