Kali Linux Penetration Testing 152: Live Forensics and Dead Forensics

This article records the detailed process of learning and using Kali Linux 2018.1 for penetration testing. The tutorial followed is the course "Kali Linux Penetration Testing" from the Security Niu Classroom.

Kali Linux Penetration Testing (Yuan Fanghong), blog notes

1. Live Forensics

1. Recover text from memory

procdump.exe download (part of the Sysinternals Suite)

strings.exe download (part of the Sysinternals Suite)

  • Dump the whole process memory with procdump, then pull printable strings out of the dump. Other word-processing programs work the same way; only the process name changes.

    C:\> procdump -ma notepad.exe notepad.dmp
    C:\> strings notepad.dmp > notepad.txt
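
The two commands above do the whole job, but one detail matters when the dump is processed on Kali instead of Windows: Notepad keeps its text buffer as UTF-16LE, which Sysinternals strings scans by default while GNU strings only finds with "-e l". The following added example (not code from the course or the original page) reimplements that dual-encoding scan in Python so the behaviour is visible; the SAMPLE_DUMP bytes are constructed here to stand in for a slice of a real notepad.dmp.

```python
import re
import sys

# Constructed sample of what a slice of a Notepad process dump can look like
# (not a real dump): binary noise, an ASCII path string, and the text typed
# into the editor. Notepad's edit control stores its buffer as UTF-16LE, so a
# pure-ASCII strings pass never sees it: Sysinternals strings scans for both
# encodings by default, GNU strings needs "-e l" for the UTF-16LE pass.
SAMPLE_DUMP = (
    b"\x00\x01\x02MZ\x90\x00"
    + b"C:\\Windows\\system32\\notepad.exe\x00"
    + b"\xff\xfe"
    + "secret: Passw0rd!".encode("utf-16-le")
    + b"\x00\x00\x7f\x80"
)


def extract_strings(data, min_len=4):
    """Return [(offset, encoding, text)] for every printable run of at least
    min_len characters, in both ASCII and UTF-16LE, sorted by offset."""
    ascii_run = rb"[\x20-\x7e]{%d,}" % min_len
    utf16_run = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    found = []
    for m in re.finditer(ascii_run, data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in re.finditer(utf16_run, data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(found)


def grep_strings(data, keyword, min_len=4):
    """Case-insensitive keyword search across both encodings, the offline
    equivalent of: strings notepad.dmp | findstr /i keyword"""
    keyword = keyword.lower()
    return [hit for hit in extract_strings(data, min_len) if keyword in hit[2].lower()]


if __name__ == "__main__":
    # Usage: python strings_both.py notepad.dmp   (falls back to the sample)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DUMP
    for offset, enc, text in extract_strings(blob):
        print(f"{offset:#010x} {enc:8} {text}")
```

Run against a real procdump output the script prints the offset and encoding of each hit, which makes it easy to tell editor text (UTF-16LE) from loaded DLL paths and other ASCII debris.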
    

2. Recover images from memory

  • Typical targets: Remote Desktop (mstsc.exe), Paint (mspaint.exe), a VirtualBox VM window. Their framebuffers sit in process memory as raw pixel data, so the dump is opened as a raw image rather than carved as a file.

    C:\>tasklist
    C:\>procdump.exe -ma mstsc.exe mstsc.dmp
    C:\>procdump.exe -ma mspaint.exe mspaint.dmp

Copy the dumps to Kali and rename them so GIMP's raw importer picks them up. Open them with File > Open, file type "Raw Image Data", and adjust the width, height, offset and pixel format until the screen contents become visible:

    mv mstsc.dmp mstsc.data
    mv mspaint.dmp mspaint.data
    # GIMP -> Open -> Raw Image Data -> adjust parameters (width, height, offset, pixel format)

The same can be done from a full memory capture of the machine with Volatility 2: memdump writes the address space of one process (PID from pslist or tasklist; 1456 in the course example) into dumpdir as <pid>.dmp, which is then opened in GIMP as above. The file passed to -f must be a full RAM capture (raw image or full crash dump), not the per-process procdump minidump from the previous step:

    volatility -f mspaint.dmp --profile=Win7SP0x86 memdump -p 1456 -D dumpdir
    volatility -f mstsc.dmp --profile=Win7SP0x86 memdump -p 1456 -D dumpdir
    

3. Extract plaintext passwords from memory

  • Dump the LSASS process (requires administrator rights / SeDebugPrivilege):

    procdump -ma lsass.exe lsass.dmp

  • Load the minidump in mimikatz.exe (same architecture as the dumped system) and list the cached logon credentials:

    sekurlsa::minidump lsass.dmp
    sekurlsa::logonPasswords

  • Plaintext appears only where WDigest caching is enabled (the default on Windows 7 era systems); otherwise the output is limited to NTLM hashes and Kerberos material.

4. The mimikatz plugin for Volatility (runs the same credential extraction against a full memory image instead of an lsass minidump)

5. Firefox browser audit tool: dumpzilla

  • dumpzilla <profile directory> --All (the profile directory name is random, e.g. bvpenhsu.default or ef5pz3gn.default)

    dumpzilla /root/.mozilla/firefox/ef5pz3gn.default/ --All
![](https://i.imgur.com/px3qMuq.png)

2. Dead Forensics

1. Hard disk image

  • Boot the computer from the Kali live CD to create the hard-disk image file (never from the installed OS, which would write to the evidence disk)
  • Reserve enough storage space to hold the image file (at least the size of the source disk)
  • dc3dd, developed at the US Department of Defense Cyber Crime Center (DC3): dd with on-the-fly hashing and error logging
  • dcfldd: another forensic fork of dd with hashing and progress output
  • guymager: graphical imager, writes dd, EWF and AFF images
  • NIST Computer Forensic Reference Data Sets (CFReDS): sample images for practice
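
What the forensic dd variants above add over plain dd is hashing while the data is read, so the image can later be proven identical to what was acquired, and sane handling of unreadable sectors (dd's conv=noerror,sync). The following added example (written for these notes, not code from the course or from dc3dd/dcfldd) reproduces that acquire-and-verify workflow in Python; demo() images a constructed temporary file in place of a real block device. For real evidence, use dc3dd or guymager behind a write blocker; this block only shows the mechanism.

```python
import hashlib
import os
import sys
import tempfile

BLOCK_SIZE = 4 * 1024 * 1024   # same order of magnitude as "dd bs=4M"


def image_device(src_path, image_path, block_size=BLOCK_SIZE):
    """Copy src_path (a block device such as /dev/sdb, or any file) to image_path.

    Returns (sha256 of the data written, list of unreadable block offsets).
    A read error is handled like dd conv=noerror,sync: the bad block is
    recorded, replaced by zeros so every later offset stays aligned, and the
    copy continues instead of aborting.
    """
    digest = hashlib.sha256()
    bad_offsets = []
    offset = 0
    with open(src_path, "rb", buffering=0) as src, open(image_path, "wb") as dst:
        while True:
            try:
                chunk = src.read(block_size)
            except OSError:                      # e.g. EIO from a failing sector
                bad_offsets.append(offset)
                chunk = b"\x00" * block_size
                src.seek(offset + block_size)    # skip past the unreadable block
            if not chunk:
                break
            digest.update(chunk)
            dst.write(chunk)
            offset += len(chunk)
    return digest.hexdigest(), bad_offsets


def sha256_file(path, block_size=BLOCK_SIZE):
    """Hash a file in chunks; used to verify the image after acquisition."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(block_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def demo():
    """Image a constructed 10 MiB 'device' (a temp file of random bytes, not a
    real disk) and verify that source, acquisition hash and image all agree."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "fake_device")
        img = os.path.join(tmp, "evidence.dd")
        with open(src, "wb") as f:
            f.write(os.urandom(10 * 1024 * 1024 + 123))   # not a block multiple
        acquired_hash, bad = image_device(src, img, block_size=1024 * 1024)
        verified = sha256_file(img) == acquired_hash == sha256_file(src)
        return {
            "acquired": acquired_hash,
            "bad_blocks": bad,
            "size_match": os.path.getsize(src) == os.path.getsize(img),
            "verified": verified,
        }


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: python image_disk.py /dev/sdb evidence.dd
        h, bad = image_device(sys.argv[1], sys.argv[2])
        print(f"acquired sha256: {h}")
        print(f"unreadable blocks at: {bad or 'none'}")
        print("image verifies:", sha256_file(sys.argv[2]) == h)
    else:
        print(demo())
```

Record the acquisition hash together with the bad-block list: if sectors were zero-filled, the image hash will legitimately differ from a later hash of the original disk, and the list is what explains the difference.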

2. DFF (Digital Forensics Framework)

  • Open Evidence: load the image; deleted files are shown in red
  • Recover deleted and hidden files from the loaded image

3. autopsy

  • Very popular hard-disk image analysis tool (graphical front end to The Sleuth Kit)
  • Web server + browser client architecture: the Kali package starts a local web server that is used from the browser

4. extundelete

  • Undelete tool for ext3 and ext4 file systems; unmount the file system (or remount it read-only) before running it, so the freed blocks are not reused
  • extundelete <device> --restore-file <path of the deleted file relative to the file-system root>; recovered files are written under RECOVERED_FILES/ in the current directory

5. iPhone Backup Analyzer

  • Analyzes iPhone backup files created by iTunes, not images of the phone itself

6. foremost (developed by the US Air Force Office of Special Investigations)

  • Carves files (images, documents and others) out of disk images and memory dumps by scanning for known headers and footers; supports raw, dd, iso, vmem and other formats
  • Results go to ./output (one folder per type, plus audit.txt listing the offset of each hit); -o chooses another directory

    foremost -t jpeg,gif,png,doc -i 7.raw
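
Header/footer carving is the mechanism behind the foremost command above and also why the GIMP raw-import trick was needed in the live-forensics section: Paint's canvas lives in memory as uncompressed pixels with no file header, so carving finds nothing there, while files that keep their on-disk structure in memory or in an image (a JPEG, a PNG) are found by their signatures. The following added example (not code from the page or from foremost) implements that carving for JPEG and PNG, including the truncated-file case: a JPEG header with no EOI marker is reported but not written out. SAMPLE_IMAGE, JPEG_STUB and make_png() are constructed here as sample input.

```python
import os
import struct
import sys
import zlib
from dataclasses import dataclass

# Header signatures for two of the formats foremost knows.
JPEG_SOI, JPEG_EOI = b"\xff\xd8\xff", b"\xff\xd9"
PNG_SIG = b"\x89PNG\r\n\x1a\n"


@dataclass
class Carved:
    offset: int
    kind: str
    data: bytes
    complete: bool


def carve_jpeg(buf, start, max_size):
    """JPEG: from the SOI marker to the next EOI marker (footer scan, as foremost does)."""
    end = buf.find(JPEG_EOI, start + 2, min(len(buf), start + max_size))
    return None if end == -1 else buf[start:end + 2]


def carve_png(buf, start, max_size):
    """PNG: walk the chunk list (length, type, data, crc) up to IEND, so the
    carved size comes from the file structure instead of a footer search."""
    pos = start + 8
    while pos + 8 <= len(buf) and pos - start <= max_size:
        length, ctype = struct.unpack(">I4s", buf[pos:pos + 8])
        pos += 8 + length + 4
        if ctype == b"IEND":
            return buf[start:pos] if pos <= len(buf) else None
    return None


CARVERS = {"jpeg": (JPEG_SOI, carve_jpeg), "png": (PNG_SIG, carve_png)}


def carve(buf, max_size=8 * 1024 * 1024):
    """Scan buf for known headers in offset order. A header without a valid
    footer within max_size is reported as incomplete and the scan moves on."""
    found, pos = [], 0
    while pos < len(buf):
        hits = [(buf.find(sig, pos), kind) for kind, (sig, _) in CARVERS.items()]
        hits = [h for h in hits if h[0] != -1]
        if not hits:
            break
        offset, kind = min(hits)
        payload = CARVERS[kind][1](buf, offset, max_size)
        if payload is None:
            found.append(Carved(offset, kind, b"", False))
            pos = offset + 1
        else:
            found.append(Carved(offset, kind, payload, True))
            pos = offset + len(payload)   # do not re-scan inside a carved file
    return found


def write_carved(found, outdir):
    """foremost-style output: one file per complete hit, named by byte offset."""
    os.makedirs(outdir, exist_ok=True)
    for c in found:
        if c.complete:
            with open(os.path.join(outdir, f"{c.offset:08d}.{c.kind}"), "wb") as f:
                f.write(c.data)


def make_png():
    """A minimal valid 1x1 red PNG, built here as constructed sample data."""
    def chunk(ctype, body):
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")            # filter byte + one red pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


# Constructed JPEG stub: SOI + JFIF APP0 segment + filler + EOI. Enough
# structure to be carved, not a decodable picture.
JPEG_STUB = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
             + b"\x00" * 32 + JPEG_EOI)
NOISE = b"\x00" * 24 + b"unrelated heap data" + b"\x00" * 8
# Constructed stand-in for a raw image: two complete files and one JPEG cut off before its EOI.
SAMPLE_IMAGE = NOISE + JPEG_STUB + NOISE + make_png() + NOISE + JPEG_STUB[:-2]


if __name__ == "__main__":
    # Usage: python carve.py 7.raw [outdir]   (falls back to the sample data)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_IMAGE
    hits = carve(blob)
    for c in hits:
        print(f"{c.offset:#010x} {c.kind:5} {len(c.data):8d} {'ok' if c.complete else 'no footer'}")
    if len(sys.argv) > 2:
        write_carved(hits, sys.argv[2])
```

The JPEG footer scan shows the classic carving weakness: a truncated JPEG followed by another JPEG would swallow the second one's EOI and produce a corrupt file, which is why foremost caps each carve at a maximum size and why the PNG path above walks the chunk structure instead of searching for a footer.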

7. Recommended material
