Copy of RECON LAB Full Manual

Total Page:16

File Type:pdf, Size:1020Kb

Copy of RECON LAB Full Manual Copy of RECON LAB Full Manual Copy of RECON LAB Full Manual by SUMURI 1 / 62 Copy of RECON LAB Full Manual 1. INTRODUCTION ............................................................................................ 6 1.1. WHY USE A MAC FOR FORENSIC ANALYSIS? ......................................... 6 1.1.1. APPLE EXTENDED ATTRIBUTES ............................................................ 6 1.1.2. VIEWING PROPER TIMESTAMPS ........................................................... 7 1.1.3. VIEWING FILES NATIVELY ..................................................................... 7 1.1.4. APPLE FILE SYSTEM (APFS) .................................................................. 7 1.1.5. LOCAL TIME MACHINE SNAPSHOTS (APFS) ........................................... 7 1.1.6. FILEVAULT ........................................................................................... 8 1.1.7. SUPPORT FOR OTHER FILE SYSTEMS .................................................. 8 1.2. HYBRID PROCESSING ENGINE ................................................................ 8 1.3. THREE STAGE ANALYSIS ......................................................................... 8 1.4. SUPPORT FOR OVER 270 TIMESTAMPS .................................................. 8 1.5. ADVANCED TIMELINES ............................................................................ 9 1.6. ADVANCED DATA CORRELATION ............................................................ 9 1.7. ADVANCED REPORTING WITH FULL CONTROL ...................................... 9 2. RECOMMENDED MINIMUM REQUIREMENTS ............................................ 9 3. HELPFUL HINTS .......................................................................................... 10 4. GETTING SUPPORT .................................................................................... 10 5. RENEWING RECON LAB ............................................................................. 11 6. TRAINING ..................................................................................................... 11 7. INSTALLATION ............................................................................................ 11 7.1. INSTALLING XCODE AND COMMAND LINE TOOLS ................................. 12 7.2. INSTALLING FUSE FOR macOS ............................................................... 12 7.3. INSTALLING PARAGON DRIVERS ........................................................... 12 7.4. DOWNLOADING RECON LAB UPDATES .................................................. 13 7.5. INSTALLING RECON LAB ......................................................................... 13 7.6. GRANTING PRIVILEGES ......................................................................... 16 7.6.1. FULL DISK ACCESS ............................................................................ 16 7.7. ENERGY AND SLEEP SETTINGS ............................................................ 18 8. STARTING RECON LAB ............................................................................. 20 8.1. ADDING YOUR LICENSE ......................................................................... 20 8.2. INSTALLING PYTHON ............................................................................. 23 8.3. ADMIN PASSWORD ................................................................................ 23 8.4. ACCESS WARNING MESSAGES ............................................................. 23 8.5. RECON LAB WELCOME SCREEN ........................................................... 24 9. CONFIGURATION ....................................................................................... 25 9.1. EXAMINER DETAILS ............................................................................... 26 9.2. ARTIFACTS AND PLUGINS ..................................................................... 27 2 / 62 Copy of RECON LAB Full Manual 9.3. USER DEFINED EXTENSIONS ................................................................ 30 9.4. USER DEFINED FILE SIGNATURES ........................................................ 31 9.5. KEYWORD LISTS .................................................................................... 33 9.6. TEXT INDEXING FILTERS ....................................................................... 35 9.7. APPLE METADATA FILTERS ................................................................... 37 9.8. EXIF METADATA FILTERS ...................................................................... 38 9.9. VOLATILITY PATH ................................................................................... 39 9.10. SYSTEM PASSWORD ........................................................................... 39 9.11. TEXT VIEW SETTINGS .......................................................................... 40 9.12. EXTERNAL APPLICATIONS ................................................................... 41 10. STARTING A NEW CASE ......................................................................... 41 10.1. CASE INFO ............................................................................................ 41 10.2. ADDING SOURCE DATA TO PROCESS ................................................. 43 10.2.1. MOUNTED VOLUMES ........................................................................ 43 10.2.2. FORENSICS IMAGES ......................................................................... 43 10.2.3. FILEVAULT IMAGE ............................................................................ 44 10.2.4. FUSION IMAGE ................................................................................. 44 10.2.5. OPTICAL DISC IMAGE ....................................................................... 45 10.2.6. RAM IMAGE ...................................................................................... 46 10.2.7. IOS BACKUP ..................................................................................... 46 10.2.8. TIME MACHINE BACKUP .................................................................... 46 10.2.9. GOOGLE TAKEOUT ........................................................................... 47 10.2.10. MACOS HOME DIRECTORY .............................................................. 48 10.2.11. FOLDER ......................................................................................... 48 10.2.12. FILE ............................................................................................... 48 10.2.13. ADB ANDROID BACKUP ................................................................... 49 10.2.14. RECON LOGICAL IMAGE .................................................................. 49 10.3. ADDING SOURCE INFORMATION ......................................................... 49 10.4. ADDING MULTIPLE SOURCES .............................................................. 50 10.5. CASE DIRECTORY ................................................................................ 50 10.6. DATE AND TIME SETTINGS .................................................................. 50 10.7. FILE SYSTEM MODULES SELECTION .................................................. 50 10.7.1. APPLE METADATA MODULE .............................................................. 50 10.7.2. MIME TYPES MODULE ....................................................................... 50 10.7.3. SIGNATURE ANALYSIS MODULE ........................................................ 51 10.7.4. EXIF METADATA Module .................................................................... 51 10.7.5. HASHES MODULE ............................................................................. 51 10.8. ARTIFACT PLUGIN SELECTION MODULE ............................................. 51 3 / 62 Copy of RECON LAB Full Manual 11. RELOADING A CASE ................................................................................ 51 12. RECON LAB INTERFACE ......................................................................... 52 12.1. PROCESSING STATUS WINDOW .......................................................... 52 12.2. CASE VIEW ........................................................................................... 52 12.3. TOP MENU ............................................................................................ 52 12.4. MAIN COLUMNS .................................................................................... 52 12.5. CASE SIDEBAR ..................................................................................... 52 12.6. MAIN VIEWER WINDOW ....................................................................... 53 12.6.1. TABLE VIEW ..................................................................................... 53 12.6.1.1. RECURSIVE VIEW .......................................................................... 53 12.6.1.2. EXPORT TO CSV ........................................................................... 53 12.6.1.3. TABLE VIEW FILTER AND SEARCH ................................................... 53 12.6.1.4. NAVIGATION BUTTONS ................................................................... 53 12.6.2. GALLERY VIEW ................................................................................. 53 12.7. MULTIMEDIA PREVIEW PANE ............................................................... 53 12.8. VIEWER PANES .................................................................................... 53 12.8.1. DETAILED INFORMATION PANE ......................................................... 53 12.8.2. HEX VIEW PANE ..............................................................................
Recommended publications
  • Non-Binary Analysis
    The Art of Mac Malware: Analysis p. wardle (The Art of Mac Malware) Volume 1: Analysis Chapter 0x5: Non-Binary Analysis Note: This book is a work in progress. You are encouraged to directly comment on these pages ...suggesting edits, corrections, and/or additional content! To comment, simply highlight any content, then click the icon which appears (to the right on the document’s border). 1 The Art of Mac Malware: Analysis p. wardle Content made possible by our Friends of Objective-See: ​ ​ Airo SmugMug Guardian Firewall SecureMac iVerify Halo Privacy In the previous chapter, we showed how the file utility [1] can be used to effectively ​ ​ identify a sample’s file type. File type identification is important as the majority of static analysis tools are file type specific. Now, let’s look at various file types one commonly encounters while analyzing Mac malware. As noted, some file types (such as disk images and packages) are simply the malware’s “distribution packaging”. For these file types, the goal is to extract the malicious contents (often the malware’s installer). Of course, Mac malware itself comes in various file formats, such as scripts and binaries. For each file type, we’ll briefly discuss its purpose, as well as highlight static analysis tools that can be used to analyze the file format. Note: This chapter focuses on the analysis of non-binary file formats (such as scripts). ​ ​ Subsequent chapters will dive into macOS’s binary file format (Mach-O), as well as discuss both analysis tools and techniques. 2 The Art of Mac Malware: Analysis p.
    [Show full text]
  • View Managing Devices and Corporate Data On
    Overview Managing Devices & Corporate Data on iOS Overview Overview Contents Businesses everywhere are empowering their employees with iPhone and iPad. Overview Management Basics The key to a successful mobile strategy is balancing IT control with user Separating Work and enablement. By personalizing iOS devices with their own apps and content, Personal Data users take greater ownership and responsibility, leading to higher levels of Flexible Management Options engagement and increased productivity. This is enabled by Apple’s management Summary framework, which provides smart ways to manage corporate data and apps discretely, seamlessly separating work data from personal data. Additionally, users understand how their devices are being managed and trust that their privacy is protected. This document offers guidance on how essential IT control can be achieved while at the same time keeping users enabled with the best tools for their job. It complements the iOS Deployment Reference, a comprehensive online technical reference for deploying and managing iOS devices in your enterprise. To refer to the iOS Deployment Reference, visit help.apple.com/deployment/ios. Managing Devices and Corporate Data on iOS July 2018 2 Management Basics Management Basics With iOS, you can streamline iPhone and iPad deployments using a range of built-in techniques that allow you to simplify account setup, configure policies, distribute apps, and apply device restrictions remotely. Our simple framework With Apple’s unified management framework in iOS, macOS, tvOS, IT can configure and update settings, deploy applications, monitor compliance, query devices, and remotely wipe or lock devices. The framework supports both corporate-owned and user-owned as well as personally-owned devices.
    [Show full text]
  • Policy and Procedures
    Policy and Procedures PEER FORUM I: DISK IMAGING December 7-8, 2017 at The Museum of Modern Art The following notes came out of Peer Forum I: Disk Imaging, a discussion as part of the Media Conservation Initiative ​ at MoMA. These notes represent the views of the speakers and participants who attended this meeting. The following notes came out of Peer Forum I: Disk Imaging, a discussion as part of the Media Conservation Initiative ​ at MoMA. These notes represent the views of the speakers and participants who attended this meeting. Contributors Reinhard Bek, Conservator of Contemporary Art, Bek & Frohnert LLC ​ Amy Brost, Assistant Media Conservator, The Museum of Modern Art ​ Euan Cochrane (Speaker), Digital Preservation Manager, Yale University Library ​ ​ Eddy Colloton, Assistant Conservator specializing in Electronic Media, Denver Art Museum ​ Deena Engel (Moderator), Clinical Professor, Director of the Program in Digital Humanities and Social ​ ​ ​ Science; Department of Computer Science, Courant Institute of Mathematical Sciences, New York University Dragan Espenschied (Speaker), Preservation Director, Rhizome ​ ​ Patricia Falcão, Time-Based Media Conservator, Tate ​ Jonathan Farbowitz, Fellow in the Conservation of Computer-Based Art, The Solomon R. Guggenheim ​ Museum Briana Feston-Brunet, Variable Media Conservator, Hirshhorn Museum & Sculpture Garden ​ Dan Finn, Media Conservator, Smithsonian American Art Museum ​ Ben Fino-Radin, Founder, Small Data Industries ​ Flaminia Fortunato, Andrew W. Mellon Fellow in Media Conservation,
    [Show full text]
  • Apps by Grade Levels for Website
    The following is a list of the iOS Apps and instructional software that are made available by the district for our teachers to use. Not every app is used by every teacher and not every app is used daily, weekly, etc… Level 1: Instructional Apps and Software Utilized to Support Multiple Uses During Instruction. More commonly used for instruction. Level 2: Instructional Apps and Software Utilized to Support Content Specific Teaching Level 3: Instructional Apps and Software Utilized for Specific Projects, Individual Student Intervention Needs or Specialized Topics During the Year LEVEL 1: Apple Classroom, Epic!, Math IXL, Kids A-Z, KRA, SeeSaw, Self Service, Brain Pop Jr., Google Drive, LEVEL 2: 10 Fram Fill, ABC Magic, Chatter Pix, Hundred Board, Letter School, Little Speller, Marble Math, Math Bingo, Math Slide, Patterns, Starfall ABC’s, Writing Wizard, KINDERGARTEN ABC Ya Games, Expeditions, Khan Academy, Number Line, Number Pieces, 3 Letter Words,Math Tapper, Todo Math LEVEL 3: Montessori Words, Number Flash/Frames/Quiz, Spelling Bee, Word Bingo, Cork the Volcano Puzzlet, Draw and Tell, Sight Words, Tiggly Adventures, Toontastic 3D, Touchtronic 123/ABC LEVEL 1: Apple Classroom, Book Creator, Clips, Math IXL, Kids A-Z, Epic!, Brain Pop Jr., SeeSaw, Pages, Self Service LEVEL 2: 10 Fram Fill, Chatter Pix, Hands on Hundreds, Math Tapper, Number Rack, Writing Wizard, Geoboard, Montessori Crosswords, Number Line, Number Pieces, 1st Grade Vocabulary Spelling City, Math Drills LEVEL 3: Cork the Volcano, Doodle Buddy Draw, Pic Collage, Osmo Masterpiece,
    [Show full text]
  • 11 Cool Things.Cwk
    “Impress your students and friends!” 11 Cool Things to do with your iBook 1. Sherlock - Translating words and phrases Using the Translation channel in Sherlock, you can translate words and phrases between a number of different languages. For example, you can translate "apple" from English to French. 1. Open Sherlock and click Translation. 2. Type the word or phrase you want to translate in the Original Text box. 3. Choose the original language and the language you want to translate the word into from the pop-up menu, then click Translate. 4. You can select and copy the translation, then paste it into another application. 2. Safari - 3 Cool Things! 1. Built-in Google search - Safari includes Google searching in the address bar. Just type what you're looking for in the search box and press Return. 2. SnapBack as you browse - Safari lets you quickly return to your starting web page by clicking the SnapBack button in the address box. 3. Blocking pop-up windows - Safari can block pop-up windows so that you only see the web pages you want to see. Just choose Block Pop-up Windows from the Safari menu. 3. Any selected text can be spoken by your iBook. Do this: 1. Choose Apple menu > System Preferences and click Speech. 2. Click Spoken User Interface. 3. To have the computer speak the text that's highlighted when you press specific keys, select the "Selected text when the key is pressed" checkbox and enter the key or keys to press. For example, if you select a sentence on a web page and then press the keys you entered in the Spoken User Interface pane, the computer speaks the sentence.
    [Show full text]
  • Getting to Know Siri
    Chapter 1 Getting to Know Siri In This Chapter ▶ Seeing what — or rather, who — Siri is ▶ Setting up Siri for your personal use ▶ Exploring different ways to use Siri ▶ Finding out how to get fast and reliable replies ▶ Teaching Siri what to call you ongratulations! You’re now the owner of the most definitive Cguide to Siri on the planet. This easy-to-read For Dummies title will teach you everything you need to know about Siri — and then some. Be prepared to master all of Siri’s amazing features, at your own pace, so you can get a lot more out of your beloved iPhone, iPad (and iPad mini), or iPod touch. But first, a few words about my introduction to Siri, what Siri is exactly, and a bit of history. As a longtime technology reviewer, I firmly believe Siri (pronounced SEAR-ree) is the start of something very special, and it was love at first sight — er, speech. Here I am, sitting in the crowd at Apple headquarters in Cupertino, California, on October 4, 2011. The exclusive press event is called “Let’s Talk iPhone,” and like many other journalists and analysts in theCOPYRIGHTED room, I was expecting Apple CEO MATERIAL Tim Cook to take the wraps off the iPhone 5. When the iPhone 4S was initially debuted, you could sense the ini- tial disappointment among the attendees — after all, there were so many rumors leading up to the event that it seemed inevitable that a dramatically new smartphone would be unveiled that day. But that letdown feeling completely vanished the moment Siri was introduced.
    [Show full text]
  • Langley Aerospace Test Highlights 1990
    Langley Aerospace 4" Test Highlights I _ r-4 r_ i-j S_ L_ .Z: i:" 7 >- t,/ ,. 1990 Langley Research Center NASA Technical Memorandum 104090 ORIGINAL PAGE AND Wt-fTTE _:"-_TO_PAPH Langley Aerospace Test Highlights 1990 National Aeronautics and Space Administration Langley Research Center Langley Research Center NASA Technical Memorandum 104090 Hampton, Virginia 23665-5225 k ¸ Foreword The role of the NASA Langley Research Center is to perform basic and applied research necessary for the advancement of aeronautics and spaceflight, to generate new and advanced concepts for the accomplishment of related national goals, and to provide research advice, technological support, and assistance to other NASA installations, other government agencies, and industry. This report highlights some of the significant tests that were performed during calendar year 1990 in the NASA Langley Research Center test facilities, a number of which are unique in the world. The report illustrates both the broad range of the research and technology activities at the NASA Langley Research Center and the contributions of this work toward maintaining United States leadership in aeronautics and space research. Other highlights of Langley research and technology for 1990 are described in Research and Technology 1990-- Lan,gley Research Center. Further information concerning both reports is available from the Office of the Chief Scientist, Mail Stop l OS-A, NASA Langley Research Center, Hampton, Virginia 23665 (804-864-6062). Richard H. Petersen Director °o° PRECEDING PAGE BLANK NOT FILMED 111 Availability Information For additional information on any highlight, contact one of the individuals identified with the highlight. This individual is either a member or a leader of the research group.
    [Show full text]
  • Oracle® Beehive Oracle Beehive Standards-Based Clients Help Release 2 (2.0)
    Oracle® Beehive Oracle Beehive Standards-Based Clients Help Release 2 (2.0) November 2011 Last updated on November 4, 2011 This page contains configuration instructions and other related information for the following standards-based clients supported by Oracle Beehive: Hardware and Software Certification Managing your E-Mails ■ Apple Mail ■ Microsoft Outlook ■ Mozilla Thunderbird Managing Calendar and Task List ■ Apple iCal ■ Mozilla Lightning Using Instant Messaging ■ Apple iChat ■ Pidgin ■ Trillian Pro Accessing Documents (Web Clients and FTP Clients) ■ Browser-based Access ■ Desktop WebDAV Clients ■ Mac OS X Finder Web Access ■ Cadaver ■ Microsoft Windows Web Folders ■ Desktop FTP Clients ■ FileZilla ■ NCFTP ■ SmartFTP ■ Transmit RSS Clients Mobile Access Documentation Accessibility 1 Hardware and Software Certification The hardware and software requirements included in this installation guide were current at the time this guide was published. However, because new platforms and operating system software versions might be certified after this guide is published, review the certification matrix on the My Oracle Support Web site for the most up-to-date list of certified hardware platforms and operating system versions. My Oracle Support is available at the following URL: http://support.oracle.com/ You must register online before using My Oracle Support. Use the following steps to locate the certification information for your platform: 1. After logging in, click the Certifications tab. 2. In the Certification Search pane, on the Search tab, select the following information: ■ Product: Enter the product name or select from the drop-down list of Products. ■ Release: Select the release number of the product. ■ Platform: Select the target platform by choosing from the submenu list.
    [Show full text]
  • Imovie ’08 by Maggie Debaldo and Allison King Summer 2008
    iMovie ’08 By Maggie DeBaldo and Allison King Summer 2008 In Fall 2007, Apple released the newest incarnation of its famed video-editing tool, iMovie. The uproar was unanimous. iMovie ’08 is very different from iMovie HD. But not to worry; we here in the School of Information IT Lab have put together a new tutorial for your benefit. Rather than thinking of iMovie ’08 as a new edition of iMovie, think of it as a new program in the iLife Suite, and you’ll be just fine. The interface has changed. The file arrangement is different. And, you can now export your videos into a variety of really cool mediums. Do you YouTube? Objectives In this tutorial, we will: • Explore the interface, menus, and tools • Understand the default organization of iMovie ‘08 • Import media from a variety of sources • Learn to edit and trim video clips • Look at both the potential and limitations of the program • Export the finished product to a variety of sources In the spirit of the iMovie HD tutorial produced by Purpleshirt alum Dave Wilson in 2005, we’ve created a sequel to The Purple Way. This time, join the Purple Heroes in our quest to eliminate the evil Saboteur! Organization In most programs, you create a file and once you click “Save” or “Save As,” the result is a stand-alone entity that you can save to a USB stick or even email to yourself. Apple, however, has created a completely different organizational structure for iMovie ’08. Every time you upload a video clip, the clip joins the Event Library.
    [Show full text]
  • Certif Ication Handbook
    Certification Handbook EXAM FC0-U51 TM TM CompTIA® IT Fundamentals™ (Exam FC0-U51) CompTIA® IT Fundamentals™ (Exam FC0-U51) 2 Chapter # | Name of chapter CompTIA® IT Fundamentals™ (Exam FC0-U51) CompTIA® IT Fundamentals™ (Exam FC0-U51) Part Number: 099004 Course Edition: 1.0 Acknowledgements We wish to thank the following project team for their contributions to the development of this certification study guide: Pamela J. Taylor, Laurie A. Perry, Gail Sandler, Jason Nufryk, Alex Tong, and Catherine M. Albano. Notices DISCLAIMER While CompTIA Properties, LLC takes care to ensure the accuracy and quality of these materials, we cannot guarantee their ac- curacy, and all materials are provided without any warranty whatsoever, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. The name used in the data files for this course is that of a fictitious com- pany. Any resemblance to current or future companies is purely coincidental. We do not believe we have used anyone’s name in creating this course, but if we have, please notify us and we will change the name in the next revision of the course. Use of screenshots, photographs of another entity’s products, or another entity’s product name or service in this book is for edito- rial purposes only. No such use should be construed to imply sponsorship or endorsement of the book by, nor any affiliation of such entity with CompTIA Properties, LLC. This courseware may contain links to sites on the internet that are owned and operated by third parties (the “External Sites”).
    [Show full text]
  • From the Myth of Babel to Google Translate: Confronting Malicious Use of Artificial Intelligence— Copyright and Algorithmic Biases in Online Translation Systems
    Fordham Law School FLASH: The Fordham Law Archive of Scholarship and History Faculty Scholarship 2019 From the Myth of Babel to Google Translate: Confronting Malicious Use of Artificial Intelligence— Copyright and Algorithmic Biases in Online Translation Systems Shlomit Yanisky-Ravid Fordham University School of Law, [email protected] Cynthia Martens Deborah A. Nilson & Associates, PLLC Follow this and additional works at: https://ir.lawnet.fordham.edu/faculty_scholarship Recommended Citation Shlomit Yanisky-Ravid and Cynthia Martens, From the Myth of Babel to Google Translate: Confronting Malicious Use of Artificial Intelligence— Copyright and Algorithmic Biases in Online Translation Systems, 43 Seattle U. L. Rev. 99 (2019) Available at: https://ir.lawnet.fordham.edu/faculty_scholarship/1089 This Article is brought to you for free and open access by FLASH: The Fordham Law Archive of Scholarship and History. It has been accepted for inclusion in Faculty Scholarship by an authorized administrator of FLASH: The Fordham Law Archive of Scholarship and History. For more information, please contact [email protected]. From the Myth of Babel to Google Translate: Confronting Malicious Use of Artificial Intelligence— Copyright and Algorithmic Biases in Online Translation Systems Professor Shlomit Yanisky-Ravid and Cynthia Martens* Many of us rely on Google Translate and other Artificial Intelligence and Machine Learning (AI) online translation daily for personal or commercial use. These AI systems have become ubiquitous and are poised to revolutionize human communication across the globe. Promising increased fluency across cultures by breaking down linguistic barriers and promoting cross-cultural relationships in a way that many civilizations have historically sought and struggled to achieve, AI translation affords users the means to turn any text—from phrases to books—into cognizable expression.
    [Show full text]
  • Disk Imaging Guide
    Disk Imaging Guide Tom Ensom Time-based Media Conservation, Tate Document Last Updated: January 2021 Document Version: 01.00 Document Licence: CC BY-SA 4.0 Contents 1 Document Background ....................................................................................................... 2 2 Introduction to Imaging ....................................................................................................... 3 3 Optical Media Imaging ........................................................................................................ 3 3.1 Optical Disc Structures ................................................................................................ 4 3.2 Optical Drives .............................................................................................................. 4 3.3 Optical Image Formats ................................................................................................ 4 3.3.1 ISO ....................................................................................................................... 5 3.3.2 BIN/CUE ............................................................................................................... 5 3.4 Optical Media Imaging Workflow ................................................................................ 5 3.5 Optical Media Imaging Troubleshooting ..................................................................... 8 3.5.1 Optical Read Errors ............................................................................................. 8 3.5.2 Audio
    [Show full text]