2024-02-11 02:07:06 +00:00
# Basiese Forensiese Metodologie
2022-04-28 16:01:33 +00:00
2024-07-19 04:54:19 +00:00
{% hint style="success" %}
Leer & oefen AWS Hacking:< img src = "/.gitbook/assets/arte.png" alt = "" data-size = "line" > [**HackTricks Opleiding AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)< img src = "/.gitbook/assets/arte.png" alt = "" data-size = "line" > \
Leer & oefen GCP Hacking: < img src = "/.gitbook/assets/grte.png" alt = "" data-size = "line" > [**HackTricks Opleiding GCP Red Team Expert (GRTE)**< img src = "/.gitbook/assets/grte.png" alt = "" data-size = "line" > ](https://training.hacktricks.xyz/courses/grte)
2022-04-28 16:01:33 +00:00
< details >
2024-07-19 04:54:19 +00:00
< summary > Ondersteun HackTricks< / summary >
2022-04-28 16:01:33 +00:00
2024-07-19 04:54:19 +00:00
* Kyk na die [**subskripsie planne** ](https://github.com/sponsors/carlospolop )!
* **Sluit aan by die** 💬 [**Discord groep** ](https://discord.gg/hRep4RUj7f ) of die [**telegram groep** ](https://t.me/peass ) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live** ](https://twitter.com/hacktricks\_live )**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks** ](https://github.com/carlospolop/hacktricks ) en [**HackTricks Cloud** ](https://github.com/carlospolop/hacktricks-cloud ) github repos.
2022-04-28 16:01:33 +00:00
< / details >
2024-07-19 04:54:19 +00:00
{% endhint %}
2022-04-28 16:01:33 +00:00
2024-02-11 02:07:06 +00:00
## Skep en Monteer 'n Beeld
2021-05-28 17:29:30 +00:00
2022-09-09 11:57:02 +00:00
{% content-ref url="../../generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md" %}
[image-acquisition-and-mount.md ](../../generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md )
2021-10-18 11:21:18 +00:00
{% endcontent-ref %}
2021-05-28 17:29:30 +00:00
2024-07-19 04:54:19 +00:00
## Malware Analise
2021-05-28 17:51:59 +00:00
2024-07-19 04:54:19 +00:00
Dit **is nie noodwendig die eerste stap om uit te voer sodra jy die beeld het nie** . Maar jy kan hierdie malware analise tegnieke onafhanklik gebruik as jy 'n lêer, 'n lêerstelsel beeld, geheue beeld, pcap... het, so dit is goed om **hierdie aksies in gedagte te hou** :
2021-05-28 17:51:59 +00:00
2021-10-18 11:21:18 +00:00
{% content-ref url="malware-analysis.md" %}
[malware-analysis.md ](malware-analysis.md )
{% endcontent-ref %}
2021-05-28 17:51:59 +00:00
2024-02-11 02:07:06 +00:00
## Inspekteer 'n Beeld
2021-05-28 17:07:52 +00:00
2024-07-19 04:54:19 +00:00
As jy 'n **forensiese beeld** van 'n toestel ontvang, kan jy begin **die partisie, lêerstelsel** wat gebruik word en **herstel** potensieel **interessante lêers** (selfs verwyderde) analiseer. Leer hoe in:
2021-05-28 17:07:52 +00:00
2021-10-18 11:21:18 +00:00
{% content-ref url="partitions-file-systems-carving/" %}
[partitions-file-systems-carving ](partitions-file-systems-carving/ )
{% endcontent-ref %}
2021-05-28 17:07:52 +00:00
2024-07-19 04:54:19 +00:00
Afhangende van die gebruikte OS's en selfs platform, moet verskillende interessante artefakte gesoek word:
2021-05-28 17:24:45 +00:00
2021-10-18 11:21:18 +00:00
{% content-ref url="windows-forensics/" %}
[windows-forensics ](windows-forensics/ )
{% endcontent-ref %}
2021-05-28 17:24:45 +00:00
2021-10-18 11:21:18 +00:00
{% content-ref url="linux-forensics.md" %}
[linux-forensics.md ](linux-forensics.md )
{% endcontent-ref %}
2021-05-28 17:24:45 +00:00
2021-10-18 11:21:18 +00:00
{% content-ref url="docker-forensics.md" %}
[docker-forensics.md ](docker-forensics.md )
{% endcontent-ref %}
2021-05-28 17:24:45 +00:00
2024-07-19 04:54:19 +00:00
## Diep inspeksie van spesifieke lêer-tipes en Sagteware
2021-05-28 17:24:45 +00:00
2024-07-19 04:54:19 +00:00
As jy 'n baie **verdagte** **lêer** het, dan **afhangende van die lêer-tipe en sagteware** wat dit geskep het, kan verskeie **truuks** nuttig wees.\
2024-02-11 02:07:06 +00:00
Lees die volgende bladsy om 'n paar interessante truuks te leer:
2021-05-28 17:24:45 +00:00
2021-10-18 11:21:18 +00:00
{% content-ref url="specific-software-file-type-tricks/" %}
[specific-software-file-type-tricks ](specific-software-file-type-tricks/ )
{% endcontent-ref %}
2021-05-28 17:24:45 +00:00
2024-02-11 02:07:06 +00:00
Ek wil 'n spesiale vermelding maak van die bladsy:
2021-05-28 17:24:45 +00:00
2021-10-18 11:21:18 +00:00
{% content-ref url="specific-software-file-type-tricks/browser-artifacts.md" %}
[browser-artifacts.md ](specific-software-file-type-tricks/browser-artifacts.md )
{% endcontent-ref %}
2021-05-28 17:24:45 +00:00
2024-07-19 04:54:19 +00:00
## Geheue Dump Inspekteer
2021-05-28 17:27:17 +00:00
2021-10-18 11:21:18 +00:00
{% content-ref url="memory-dump-analysis/" %}
[memory-dump-analysis ](memory-dump-analysis/ )
{% endcontent-ref %}
2021-05-28 17:27:17 +00:00
2024-07-19 04:54:19 +00:00
## Pcap Inspekteer
2021-05-28 17:07:52 +00:00
2021-10-18 11:21:18 +00:00
{% content-ref url="pcap-inspection/" %}
[pcap-inspection ](pcap-inspection/ )
{% endcontent-ref %}
2020-07-15 15:43:14 +00:00
2024-02-11 02:07:06 +00:00
## **Anti-Forensiese Tegnieke**
2020-07-15 15:43:14 +00:00
2024-07-19 04:54:19 +00:00
Hou in gedagte die moontlike gebruik van anti-forensiese tegnieke:
2020-07-15 15:43:14 +00:00
2021-10-18 11:21:18 +00:00
{% content-ref url="anti-forensic-techniques.md" %}
[anti-forensic-techniques.md ](anti-forensic-techniques.md )
{% endcontent-ref %}
2020-07-15 15:43:14 +00:00
2024-07-19 04:54:19 +00:00
## Bedreiging Jag
2021-09-06 15:03:23 +00:00
2021-10-18 11:21:18 +00:00
{% content-ref url="file-integrity-monitoring.md" %}
[file-integrity-monitoring.md ](file-integrity-monitoring.md )
{% endcontent-ref %}
2021-09-06 15:03:23 +00:00
2024-07-19 04:54:19 +00:00
{% hint style="success" %}
Leer & oefen AWS Hacking:< img src = "/.gitbook/assets/arte.png" alt = "" data-size = "line" > [**HackTricks Opleiding AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)< img src = "/.gitbook/assets/arte.png" alt = "" data-size = "line" > \
Leer & oefen GCP Hacking: < img src = "/.gitbook/assets/grte.png" alt = "" data-size = "line" > [**HackTricks Opleiding GCP Red Team Expert (GRTE)**< img src = "/.gitbook/assets/grte.png" alt = "" data-size = "line" > ](https://training.hacktricks.xyz/courses/grte)
2022-04-28 16:01:33 +00:00
< details >
2024-07-19 04:54:19 +00:00
< summary > Ondersteun HackTricks< / summary >
2022-04-28 16:01:33 +00:00
2024-07-19 04:54:19 +00:00
* Kyk na die [**subskripsie planne** ](https://github.com/sponsors/carlospolop )!
* **Sluit aan by die** 💬 [**Discord groep** ](https://discord.gg/hRep4RUj7f ) of die [**telegram groep** ](https://t.me/peass ) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live** ](https://twitter.com/hacktricks\_live )**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks** ](https://github.com/carlospolop/hacktricks ) en [**HackTricks Cloud** ](https://github.com/carlospolop/hacktricks-cloud ) github repos.
2022-04-28 16:01:33 +00:00
< / details >
2024-07-19 04:54:19 +00:00
{% endhint %}
