hacktricks/forensics/basic-forensic-methodology
2024-03-14 23:40:07 +00:00

Basic Forensic Methodology


Creating and Mounting an Image

{% content-ref url="../../generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md" %} image-acquisition-and-mount.md {% endcontent-ref %}

Malware Analysis

This is not necessarily the first step to perform once you have the image. But you can apply these malware analysis techniques independently whenever you have a file, a file-system image, a memory image, a pcap... so it is good to keep these actions in mind:

{% content-ref url="malware-analysis.md" %} malware-analysis.md {% endcontent-ref %}

Inspecting the Image

If you are given a forensic image of a device, you can start by analysing the partitions and the file system used, and by recovering potentially interesting files (even deleted ones). Learn how in:

{% content-ref url="partitions-file-systems-carving/" %} partitions-file-systems-carving {% endcontent-ref %}
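The file-recovery step mentioned above, as an added example that is not part of the original page or of HackTricks: a minimal header/footer carver run over a raw image. Carving ignores the file system entirely, which is exactly why it can recover a deleted file whose directory entry is gone but whose data blocks were not reused. The signature table, the `png_is_sane` chunk-CRC check (used to reject a candidate whose header and footer belong to two different files), and the constructed sample image are all assumptions of this example; in a real case you would run a dedicated tool (for instance The Sleuth Kit or a carver) rather than this script, which only shows the mechanism.

```python
"""Header/footer file carver for raw images, with PNG chunk validation.

Added example (not HackTricks code). All signatures and sample data
below are constructed for the example.
"""
import struct
import zlib

# Header/footer signatures for a few common types. A footer is only searched
# within MAX_CARVE_SIZE bytes of its header so that a file whose tail was
# overwritten does not swallow the rest of the image.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
MAX_CARVE_SIZE = 10 * 1024 * 1024


def png_is_sane(data: bytes) -> bool:
    """Walk the PNG chunks and verify every CRC32 up to IEND.

    A bad CRC in a carved candidate usually means the header came from a
    fragmented or partially overwritten file and the footer from another.
    """
    if not data.startswith(SIGNATURES["png"][0]):
        return False
    pos = 8
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if pos + 12 + length > len(data):
            return False
        chunk = data[pos + 4:pos + 8 + length]           # type + payload
        crc = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])[0]
        if zlib.crc32(chunk) & 0xFFFFFFFF != crc:
            return False
        if ctype == b"IEND":
            return True
        pos += 12 + length
    return False


# Per-type sanity checks; types without one are carved on signature alone.
VALIDATORS = {"png": png_is_sane}


def carve(image: bytes, signatures=SIGNATURES, max_size=MAX_CARVE_SIZE):
    """Return [(offset, type, data), ...] for each validated header/footer pair."""
    results = []
    for ftype, (header, footer) in signatures.items():
        validate = VALIDATORS.get(ftype, lambda _data: True)
        pos = 0
        while (start := image.find(header, pos)) != -1:
            window_end = min(len(image), start + max_size)
            end = image.find(footer, start + len(header), window_end)
            if end == -1:
                pos = start + 1      # no footer in range: give up on this header
                continue
            candidate = image[start:end + len(footer)]
            if not validate(candidate):
                pos = start + 1      # header/footer mismatch: try the next header
                continue
            results.append((start, ftype, candidate))
            pos = end + len(footer)
    results.sort(key=lambda r: r[0])
    return results


def _png_chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def make_png() -> bytes:
    """Constructed sample: a valid 1x1 8-bit greyscale PNG."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x80")    # filter byte + one grey pixel
    return (SIGNATURES["png"][0] + _png_chunk(b"IHDR", ihdr)
            + _png_chunk(b"IDAT", idat) + _png_chunk(b"IEND", b""))


# Constructed sample files and filler (the filler contains no signature).
SAMPLE_JPG = SIGNATURES["jpg"][0] + b"\xe0" + b"J" * 64 + SIGNATURES["jpg"][1]
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF"
SAMPLE_PNG = make_png()
FILLER = bytes(range(256)) * 16          # 4 KiB of signature-free noise


def build_sample_image() -> bytes:
    """Constructed raw 'image': no file system, three whole files, plus one
    PNG whose IEND tail was overwritten (it must not be carved as-is)."""
    truncated_png = SAMPLE_PNG[:-12]
    return (FILLER + SAMPLE_JPG + FILLER + truncated_png + FILLER
            + SAMPLE_PNG + FILLER + SAMPLE_PDF + FILLER)


if __name__ == "__main__":
    for offset, ftype, data in carve(build_sample_image()):
        print(f"offset={offset:#x} type={ftype} size={len(data)}")
```

Without the validator, the truncated PNG's header would be paired with the next intact PNG's footer and the carver would emit one garbage candidate while losing the good file; the CRC walk is what makes it advance past the bad header instead. The same limitation applies to the other types: a naive `%%EOF` cut truncates PDFs with incremental updates, and fragmented files need the file-system metadata that this approach deliberately ignores.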

Depending on the operating system used, and even on the platform, different interesting artifacts should be searched for:

{% content-ref url="windows-forensics/" %} windows-forensics {% endcontent-ref %}

{% content-ref url="linux-forensics.md" %} linux-forensics.md {% endcontent-ref %}

{% content-ref url="docker-forensics.md" %} docker-forensics.md {% endcontent-ref %}

Deep Inspection of Specific File Types and Software

If you have a very suspicious file, then depending on the file type and the software that created it, several tricks may be useful.
Read the following page to learn some interesting tricks:

{% content-ref url="specific-software-file-type-tricks/" %} specific-software-file-type-tricks {% endcontent-ref %}

I want to give a special mention to the page:

{% content-ref url="specific-software-file-type-tricks/browser-artifacts.md" %} browser-artifacts.md {% endcontent-ref %}

Memory Dump Inspection

{% content-ref url="memory-dump-analysis/" %} memory-dump-analysis {% endcontent-ref %}

Pcap Inspection

{% content-ref url="pcap-inspection/" %} pcap-inspection {% endcontent-ref %}

Anti-Forensic Techniques

Keep in mind the possible use of anti-forensic techniques:

{% content-ref url="anti-forensic-techniques.md" %} anti-forensic-techniques.md {% endcontent-ref %}

Threat Hunting

{% content-ref url="file-integrity-monitoring.md" %} file-integrity-monitoring.md {% endcontent-ref %}
