hacktricks/forensics/basic-forensic-methodology/README.md

# Osnovna Forenzička Metodologija

{% hint style="success" %}
Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Podržite HackTricks</summary>

* Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)!
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Podelite hakerske trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.

</details>
{% endhint %}

## Kreiranje i Montiranje Slike

{% content-ref url="../../generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md" %}
[image-acquisition-and-mount.md](../../generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md)
{% endcontent-ref %}

## Analiza Malvera

Ovo **nije nužno prvi korak koji treba preduzeti kada imate sliku**. Ali možete koristiti ove tehnike analize malvera nezavisno ako imate datoteku, sliku datotečnog sistema, sliku memorije, pcap... tako da je dobro **imati ove akcije na umu**:

{% content-ref url="malware-analysis.md" %}
[malware-analysis.md](malware-analysis.md)
{% endcontent-ref %}

## Istraživanje Slike

Ako vam je data **forenzička slika** uređaja, možete početi **analizirati particije, datotečni sistem** koji se koristi i **opraviti** potencijalno **zanimljive datoteke** (čak i obrisane). Saznajte kako u:

{% content-ref url="partitions-file-systems-carving/" %}
[partitions-file-systems-carving](partitions-file-systems-carving/)
{% endcontent-ref %}

U zavisnosti od korišćenih OS-ova i čak platformi, različiti zanimljivi artefakti treba da se pretražuju:

{% content-ref url="windows-forensics/" %}
[windows-forensics](windows-forensics/)
{% endcontent-ref %}

{% content-ref url="linux-forensics.md" %}
[linux-forensics.md](linux-forensics.md)
{% endcontent-ref %}

{% content-ref url="docker-forensics.md" %}
[docker-forensics.md](docker-forensics.md)
{% endcontent-ref %}

## Dubinska Istraživanja Specifičnih Tipova Datoteka i Softvera

Ako imate veoma **sumnjivu** **datoteku**, onda **u zavisnosti od tipa datoteke i softvera** koji je kreirao, nekoliko **trikova** može biti korisno.\
Pročitajte sledeću stranicu da biste saznali neke zanimljive trikove:

{% content-ref url="specific-software-file-type-tricks/" %}
[specific-software-file-type-tricks](specific-software-file-type-tricks/)
{% endcontent-ref %}

Želim da posebno pomenem stranicu:

{% content-ref url="specific-software-file-type-tricks/browser-artifacts.md" %}
[browser-artifacts.md](specific-software-file-type-tricks/browser-artifacts.md)
{% endcontent-ref %}

## Istraživanje Dump-a Memorije

{% content-ref url="memory-dump-analysis/" %}
[memory-dump-analysis](memory-dump-analysis/)
{% endcontent-ref %}

## Istraživanje Pcap-a

{% content-ref url="pcap-inspection/" %}
[pcap-inspection](pcap-inspection/)
{% endcontent-ref %}

## **Anti-forenzičke Tehnike**

Imajte na umu moguću upotrebu anti-forenzičkih tehnika:

{% content-ref url="anti-forensic-techniques.md" %}
[anti-forensic-techniques.md](anti-forensic-techniques.md)
{% endcontent-ref %}

## Lov na Pretnje

{% content-ref url="file-integrity-monitoring.md" %}
[file-integrity-monitoring.md](file-integrity-monitoring.md)
{% endcontent-ref %}

{% hint style="success" %}
Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Podržite HackTricks</summary>

* Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)!
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Podelite hakerske trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.

</details>
{% endhint %}
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`# Osnovna Forenzička Metodologija`

			`{% hint style="success" %}`
			`Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`<details>`

Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`<summary>Podržite HackTricks</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`* Proverite [planove pretplate](https://github.com/sponsors/carlospolop)!`
			`* Pridružite se 💬 [Discord grupi](https://discord.gg/hRep4RUj7f) ili [telegram grupi](https://t.me/peass) ili pratite nas na Twitteru 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Podelite hakerske trikove slanjem PR-ova na [HackTricks](https://github.com/carlospolop/hacktricks) i [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`{% endhint %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`## Kreiranje i Montiranje Slike`
GitBook: [master] 2 pages modified 2021-05-28 17:29:30 +00:00
GitBook: [#3475] No subject 2022-09-09 11:57:02 +00:00			`{% content-ref url="../../generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md" %}`
			`[image-acquisition-and-mount.md](../../generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md)`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% endcontent-ref %}`
GitBook: [master] 2 pages modified 2021-05-28 17:29:30 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`## Analiza Malvera`
GitBook: [master] 7 pages modified 2021-05-28 17:51:59 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`Ovo nije nužno prvi korak koji treba preduzeti kada imate sliku. Ali možete koristiti ove tehnike analize malvera nezavisno ako imate datoteku, sliku datotečnog sistema, sliku memorije, pcap... tako da je dobro imati ove akcije na umu:`
GitBook: [master] 7 pages modified 2021-05-28 17:51:59 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% content-ref url="malware-analysis.md" %}`
			`[malware-analysis.md](malware-analysis.md)`
			`{% endcontent-ref %}`
GitBook: [master] 7 pages modified 2021-05-28 17:51:59 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`## Istraživanje Slike`
GitBook: [master] 7 pages and 6 assets modified 2021-05-28 17:07:52 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`Ako vam je data forenzička slika uređaja, možete početi analizirati particije, datotečni sistem koji se koristi i opraviti potencijalno zanimljive datoteke (čak i obrisane). Saznajte kako u:`
GitBook: [master] 7 pages and 6 assets modified 2021-05-28 17:07:52 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% content-ref url="partitions-file-systems-carving/" %}`
			`[partitions-file-systems-carving](partitions-file-systems-carving/)`
			`{% endcontent-ref %}`
GitBook: [master] 7 pages and 6 assets modified 2021-05-28 17:07:52 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`U zavisnosti od korišćenih OS-ova i čak platformi, različiti zanimljivi artefakti treba da se pretražuju:`
GitBook: [master] 11 pages modified 2021-05-28 17:24:45 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% content-ref url="windows-forensics/" %}`
			`[windows-forensics](windows-forensics/)`
			`{% endcontent-ref %}`
GitBook: [master] 11 pages modified 2021-05-28 17:24:45 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% content-ref url="linux-forensics.md" %}`
			`[linux-forensics.md](linux-forensics.md)`
			`{% endcontent-ref %}`
GitBook: [master] 11 pages modified 2021-05-28 17:24:45 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% content-ref url="docker-forensics.md" %}`
			`[docker-forensics.md](docker-forensics.md)`
			`{% endcontent-ref %}`
GitBook: [master] 11 pages modified 2021-05-28 17:24:45 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`## Dubinska Istraživanja Specifičnih Tipova Datoteka i Softvera`
GitBook: [master] 11 pages modified 2021-05-28 17:24:45 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`Ako imate veoma sumnjivu datoteku, onda u zavisnosti od tipa datoteke i softvera koji je kreirao, nekoliko trikova može biti korisno.\`
			`Pročitajte sledeću stranicu da biste saznali neke zanimljive trikove:`
GitBook: [master] 11 pages modified 2021-05-28 17:24:45 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% content-ref url="specific-software-file-type-tricks/" %}`
			`[specific-software-file-type-tricks](specific-software-file-type-tricks/)`
			`{% endcontent-ref %}`
GitBook: [master] 11 pages modified 2021-05-28 17:24:45 +00:00
Translated to Serbian 2024-02-10 13:11:20 +00:00			`Želim da posebno pomenem stranicu:`
GitBook: [master] 11 pages modified 2021-05-28 17:24:45 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% content-ref url="specific-software-file-type-tricks/browser-artifacts.md" %}`
			`[browser-artifacts.md](specific-software-file-type-tricks/browser-artifacts.md)`
			`{% endcontent-ref %}`
GitBook: [master] 11 pages modified 2021-05-28 17:24:45 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`## Istraživanje Dump-a Memorije`
GitBook: [master] 46 pages modified 2021-05-28 17:27:17 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% content-ref url="memory-dump-analysis/" %}`
			`[memory-dump-analysis](memory-dump-analysis/)`
			`{% endcontent-ref %}`
GitBook: [master] 46 pages modified 2021-05-28 17:27:17 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`## Istraživanje Pcap-a`
GitBook: [master] 7 pages and 6 assets modified 2021-05-28 17:07:52 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% content-ref url="pcap-inspection/" %}`
			`[pcap-inspection](pcap-inspection/)`
			`{% endcontent-ref %}`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`## Anti-forenzičke Tehnike`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Serbian 2024-02-10 13:11:20 +00:00			`Imajte na umu moguću upotrebu anti-forenzičkih tehnika:`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% content-ref url="anti-forensic-techniques.md" %}`
			`[anti-forensic-techniques.md](anti-forensic-techniques.md)`
			`{% endcontent-ref %}`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`## Lov na Pretnje`
GitBook: [master] 3 pages modified 2021-09-06 15:03:23 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% content-ref url="file-integrity-monitoring.md" %}`
			`[file-integrity-monitoring.md](file-integrity-monitoring.md)`
			`{% endcontent-ref %}`
GitBook: [master] 3 pages modified 2021-09-06 15:03:23 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`{% hint style="success" %}`
			`Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`

Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00			`<details>`

Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`<summary>Podržite HackTricks</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`* Proverite [planove pretplate](https://github.com/sponsors/carlospolop)!`
			`* Pridružite se 💬 [Discord grupi](https://discord.gg/hRep4RUj7f) ili [telegram grupi](https://t.me/peass) ili pratite nas na Twitteru 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Podelite hakerske trikove slanjem PR-ova na [HackTricks](https://github.com/carlospolop/hacktricks) i [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:51:32 +00:00			`{% endhint %}`