hacktricks/generic-methodologies-and-resources/basic-forensic-methodology
2024-05-02 15:14:31 +00:00

Basic Forensic Methodology

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Creating and Mounting an Image

{% content-ref url="../../generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md" %} image-acquisition-and-mount.md {% endcontent-ref %}

Malware Analysis

This is not necessarily the first step to perform once you have the image. But you can use these malware analysis techniques independently if you have a file, a file-system image, a memory image, a pcap... so it is good to keep these actions in mind:

{% content-ref url="malware-analysis.md" %} malware-analysis.md {% endcontent-ref %}

Inspecting an Image

If you are given a forensic image of a device, you can start by analysing the partitions and the file system used, and by recovering potentially interesting files (even deleted ones). Learn how to do it:

{% content-ref url="partitions-file-systems-carving/" %} partitions-file-systems-carving {% endcontent-ref %}

Depending on the OS used, and even the platform, different interesting artifacts should be searched for:

{% content-ref url="windows-forensics/" %} windows-forensics {% endcontent-ref %}

{% content-ref url="linux-forensics.md" %} linux-forensics.md {% endcontent-ref %}

{% content-ref url="docker-forensics.md" %} docker-forensics.md {% endcontent-ref %}

Deep Inspection of Specific File Types and Software

If you have a very suspicious file, then depending on the file type and the software that created it, several tricks may be useful.
Read the following page to learn some interesting tricks:

{% content-ref url="specific-software-file-type-tricks/" %} specific-software-file-type-tricks {% endcontent-ref %}

I want to make a special mention of the page:

{% content-ref url="specific-software-file-type-tricks/browser-artifacts.md" %} browser-artifacts.md {% endcontent-ref %}

Memory Dump Inspection

{% content-ref url="memory-dump-analysis/" %} memory-dump-analysis {% endcontent-ref %}

Pcap Inspection

{% content-ref url="pcap-inspection/" %} pcap-inspection {% endcontent-ref %}

Anti-Forensic Techniques

Keep in mind the possible use of anti-forensic techniques:

{% content-ref url="anti-forensic-techniques.md" %} anti-forensic-techniques.md {% endcontent-ref %}

Threat Hunting

{% content-ref url="file-integrity-monitoring.md" %} file-integrity-monitoring.md {% endcontent-ref %}