hacktricks/generic-methodologies-and-resources/basic-forensic-methodology
2024-09-04 13:34:45 +00:00

Basic Forensic Methodology

{% hint style="success" %} Learn and practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn and practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

Creating and Mounting an Image

{% content-ref url="../../generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md" %} image-acquisition-and-mount.md {% endcontent-ref %}

Malware Analysis

This is not necessarily the first step to take once you have an image. But you can use these malware analysis techniques independently whenever you have a file, a file-system image, a memory image, a pcap... so it is good to keep these actions in mind:

{% content-ref url="malware-analysis.md" %} malware-analysis.md {% endcontent-ref %}

Inspecting an Image

If you are given a forensic image of a device, you can start by analyzing the partitions and the file system in use, and recovering potentially interesting files (even deleted ones). Learn how in:

{% content-ref url="partitions-file-systems-carving/" %} partitions-file-systems-carving {% endcontent-ref %}

Depending on the operating systems and even the platforms involved, different interesting artifacts should be searched for:

{% content-ref url="windows-forensics/" %} windows-forensics {% endcontent-ref %}

{% content-ref url="linux-forensics.md" %} linux-forensics.md {% endcontent-ref %}

{% content-ref url="docker-forensics.md" %} docker-forensics.md {% endcontent-ref %}

Deep Inspection of Specific File Types and Software

If you have a very suspicious file, then depending on the file type and the software that created it, several tricks may be useful.
Read the following page to learn some interesting tricks:

{% content-ref url="specific-software-file-type-tricks/" %} specific-software-file-type-tricks {% endcontent-ref %}

I want to give a special mention to the page:

{% content-ref url="specific-software-file-type-tricks/browser-artifacts.md" %} browser-artifacts.md {% endcontent-ref %}

Memory Dump Inspection

{% content-ref url="memory-dump-analysis/" %} memory-dump-analysis {% endcontent-ref %}

Pcap Inspection

{% content-ref url="pcap-inspection/" %} pcap-inspection {% endcontent-ref %}

Anti-Forensic Techniques

Keep in mind the possible use of anti-forensic techniques:

{% content-ref url="anti-forensic-techniques.md" %} anti-forensic-techniques.md {% endcontent-ref %}

Threat Hunting

{% content-ref url="file-integrity-monitoring.md" %} file-integrity-monitoring.md {% endcontent-ref %}
