DOCSLIB.ORG

HHS Lesson 8: Forensics

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
HHS Lesson 8: Forensics LESSON 8 DIGITAL FORENSICS AND COUNTER FORENSICS Lesson 8: Forensics WARNING The Hacker Highschool Project is a learning tool and as with any learning tool there are dangers. Some lessons, if abused, may result in physical injury. Some additional dangers may also exist where there is not enough research on possible effects of emanations from particular technologies. Students using these lessons should be supervised yet encouraged to learn, try, and do. However ISECOM cannot accept responsibility for how any information herein is abused. The following lessons and workbooks are open and publicly available under the following terms and conditions of ISECOM: All works in the Hacker Highschool Project are provided for non-commercial use with elementary school students, junior high school students, and high school students whether in a public institution, private institution, or a part of home-schooling. These materials may not be reproduced for sale in any form. The provision of any class, course, training, or camp with these materials for which a fee is charged is expressly forbidden without a license, including college classes, university classes, trade-school classes, summer or computer camps, and similar. To purchase a license, visit the LICENSE section of the HHS web page at http://www.hackerhighschool.org/licensing.html. The Hacker Highschool Project is an open community effort and if you find value in this project, we ask that you support us through the purchase of a license, a donation, or sponsorship. 2 Lesson 8: Forensics Table of Contents WARNING...................................................................................................................................................2 Contributors...............................................................................................................................................5 Introduction...............................................................................................................................................6 The Magically Disappearing Data Trick (Where and How to Hide Data).......................................7 First Things First – Large Data Sets.......................................................................................................7 You Can’t Get There From Here.............................................................................................................8 Software Tools.......................................................................................................................................8 Digging the Tunnel...................................................................................................................................9 Passing the Buck...................................................................................................................................9 Working From Home..........................................................................................................................10 Next Things Next – Small Bits of Bytes..............................................................................................10 Swamped by Swaps..........................................................................................................................10 Give 'em Some Slack.........................................................................................................................11 File Makeovers....................................................................................................................................11 The Disappearing Data Magic Trick (Making Data Irrecoverable)................................................12 Wash, Rinse, Repeat..........................................................................................................................12 More Software Tools...............................................................................................................................13 Boot and Nuke...................................................................................................................................13 Eraser....................................................................................................................................................13 Sderase................................................................................................................................................13 Hammer, Drill, Bigger Hammer.........................................................................................................13 Planting a Garden.................................................................................................................................14 Seeding the Garden.........................................................................................................................15 Feed Your Head: Digital Forensics Principles......................................................................................16 Digital Forensic Methodology..........................................................................................................16 Digital Forensics Process....................................................................................................................16 Evidence gets lost all the time!..................................................................................................17 This is an Exercise for Law Enforcement Personnel Only...................................................................17 Home Away from Home, or When Business Gets Too Personal.......................................................18 Software Tools and Collections........................................................................................................19 Data Media Analysis..............................................................................................................................20 Time for a Date...................................................................................................................................20 Getting in Time With Offset.........................................................................................................20 EXIF Data.............................................................................................................................................21 Imaging Tools......................................................................................................................................21 Give Them the Boot(ing)...................................................................................................................21 Deleted Data......................................................................................................................................21 Formatting Media..............................................................................................................................22 Precautions While Collecting Evidence from a Data Storage Device.....................................22 Steganography: A look at security controversy............................................................................23 Steganography: It's Real, It's Easy and It Works.......................................................................24 Steganography Is a Scam..........................................................................................................26 Windows Forensics..................................................................................................................................26 Laptops Are Treasure Troves.............................................................................................................27 Volatile Information...........................................................................................................................27 Tools for Collecting Volatile Information On Windows.................................................................27 Non-volatile Information...................................................................................................................28 Ready? Roll Cameras, Action..........................................................................................................29 Windows Server 2008 Event Log editing and location...........................................................29 Linux Forensics.........................................................................................................................................29 Linux Slack...........................................................................................................................................30 Silly String.............................................................................................................................................30 3 Lesson 8: Forensics Grep.....................................................................................................................................................30 More Command-line Tools...............................................................................................................30 Finding a Haystack in a Needle...........................................................................................................31 Encryption, Decryption and File Formats.......................................................................................31 Feed Your Head: Real Case Studies....................................................................................................33 Mobile Forensics.....................................................................................................................................33
Load more

Recommended publications
  • Kali Linux Penetration Testing Bible
    Telegram Channel : @IRFaraExam Table of Contents Cover Title Page Introduction What Does This Book Cover? Companion Download Files How to Contact the Publisher How to Contact the Author CHAPTER 1: Mastering the Terminal Window Kali Linux File System Managing Users and Groups in Kali Files and Folders Management in Kali Linux Remote Connections in Kali Kali Linux System Management Networking in Kali Linux Summary CHAPTER 2: Bash Scripting Basic Bash Scripting Printing to the Screen in Bash Variables Script Parameters User Input Functions Conditions and Loops Summary CHAPTER 3: Network Hosts Scanning Basics of Networking Network Scanning DNS Enumeration Telegram Channel : @IRFaraExam Summary CHAPTER 4: Internet Information Gathering Passive Footprinting and Reconnaissance Summary CHAPTER 5: Social Engineering Attacks Spear Phishing Attacks Payloads and Listeners Social Engineering with the USB Rubber Ducky Summary CHAPTER 6: Advanced Enumeration Phase Transfer Protocols E‐mail Protocols Database Protocols CI/CD Protocols Web Protocols 80/443 Graphical Remoting Protocols File Sharing Protocols Summary CHAPTER 7: Exploitation Phase Vulnerabilities Assessment Services Exploitation Summary CHAPTER 8: Web Application Vulnerabilities Web Application Vulnerabilities Summary CHAPTER 9: Web Penetration Testing and Secure Software Development Lifecycle Web Enumeration and Exploitation Secure Software Development Lifecycle Summary CHAPTER 10: Linux Privilege Escalation Telegram Channel : @IRFaraExam Introduction to Kernel Exploits and Missing Configurations
    [Show full text]
  • Android Mobile Hacking Using Linux Arulpradeep S
    S. P. Arulpradeep et al.; International Journal of Advance Research, Ideas and Innovations in Technology ISSN: 2454-132X Impact factor: 4.295 (Volume 5, Issue 2) Available online at: www.ijariit.com Android mobile hacking using Linux Arulpradeep S. P. Vinothkumar P. Nilavarasan G. S. [email protected] [email protected] [email protected] SRM Institute of Science and Technology, SRM Institute of Science and Technology, SRM Institute of Science and Technology, Ramapuram, Chennai, Tamil Nadu Ramapuram, Chennai, Tamil Nadu Ramapuram, Chennai, Tamil Nadu Sai Harshith Kumar S. Naveen P. [email protected] [email protected] SRM Institute of Science and Technology, SRM Institute of Science and Technology, Ramapuram, Chennai, Tamil Nadu Ramapuram, Chennai, Tamil Nadu ABSTRACT Backdoors are one of the most complicated types of Android malware. A normal backdoor carries out its functionalities such as installing itself into the system directory, disabling system apps, or gaining access to app’s data, to steal and upload sensitive info, download and ask to install applications and set up mobile botnets when setting proper Android permissions. This project focus on how Android devices are hacked using backdoors and how they can be stopped from doing so. The backdoor application when installed and turned on the mobile allows an attacker to read, write and modify the data. Due to Backdoor attacks Confidentiality, Integrity, and Accountability of the information security are lost. When the application is installed on the victim's mobile and the victim opens the application it creates the meter-preter session which permits the attacker to access functions like webcam, contacts, read SMS, send SMS, read call log, write call log, access storage, install applications.
    [Show full text]
  • Kali Linux Setup
    Kali Linux Setup Kali Linux is most popular penetration testing and offensive security testing suite that comes pre- loaded with dozens of tools. Kali Linux is a Debian based distribution. VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product. Virtualbox is a type-2 (aka hosted) hypervisor. Type- 2 hypervisors run on a conventional operating systems just as other computer programs do. A guest operating system runs as a process on the host. Type-2 hypervisors abstract guest operating systems from the host operating system. Site: https://www.kali.org/ https://www.virtualbox.org/ Terminology The following table defines some of the key terms you will need to understand: Term Definition Hypervisor / Virtual Machine A piece of computer software, firmware or hardware that Monitor (VMM) creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine. Architecture The following diagram illustrates a type-2 hypervisor. This set up comes with packages and configurations that would have been needed if choosing to install a simple image from kali. https://www.kali.org/downloads/ Tools and devices required for the install: -VirtualBox: https://www.virtualbox.org/wiki/Downloads -Device with 8GB RAM minimum -Device storage with at least 50 GB empty Set up: Download the Kali ova from the offensive security website: https://www.offensive- security.com/kali-linux-vmware-virtualbox-image-download/ Click on Kali Linux VirtualBox Image. Select the Kali Linux 64 bit VBox Image to start the download.
    [Show full text]
  • Which Linux Distribution? Difficulty in Choosing?
    Which Linux distribution? Difficulty in choosing? Ver 190916 www.ubuntutor.com Twitter @LaoYa14 Contents Page Contents 3 That's enough 4 At first 5 At first little about Linux world 6 Quick start guide for choosing the right distro for beginners 7 Basic information 8 ”Linux tree” 9 Basic information 10 Questions on the web site 11 Distros 12 App store 13 Ubuntu 16.04 and 18.04 14 Ubuntu MATE 15 Lubuntu 16 Ubuntu Budgie 17 Kubuntu 18 Xubuntu 19 Linux Mint 20 Zorin 21 MX Linux 22 Pepermint 23 Deepin 24 Arch Linux 25 Manjaro 26 Ubuntu Kylin 27 Ubuntu Studio 28 Kali Linux 29 Edubuntu 30 Desktop environments for Linux 31 File manager NEMO 32 File manager NAUTILUS 33 Installing Ubuntu live USB (test drive) That's enough When laptop is old and there is Windows XP, what to do? You can install Ubuntu Mate on your old laptop and keep at the same time Windows XP too, if you like XP. Or you can buy a tiny new laptop about 200-300 €/$ and change Windows 10 to Ubuntu. It works! I have made both about three years ago, and I haven't used Windows since then. My own laptop is cheap HP Stream 4 MB/32 GB. When I was studying Ubuntu, I noticed that simple beginner's guide books were not available. So, I did a guide book. I also created a website and named it www.ubuntutor.com. It currently includes Ubuntu 16.04 and 18.04 tutorials. And this guide is third one.
    [Show full text]
  • Kali Linux Revealed
    Kali Linux Revealed Mastering the Penetration Testing Distribution Kali Linux Revealed Mastering the Penetration Testing Distribution by Raphaël Hertzog, Jim O’Gorman, and Mati Aharoni Kali Linux Revealed Copyright © 2017 Raphaël Hertzog, Jim O’Gorman, and Mati Aharoni This book is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. è http://creativecommons.org/licenses/by-sa/3.0/ Some sections of this book borrow content from the “Debian Administrator’s Handbook, Debian Jessie from Discovery to Mastery” written by Raphaël Hertzog and Roland Mas, which is available here: è https://debian-handbook.info/browse/stable/ For the purpose of the CC-BY-SA license, Kali Linux Revealed is an Adaptation of the Debian Administrator’s Handbook. “Kali Linux” is a trademark of Offensive Security. Any use or distribution of this book, modified or not, must comply with the trademark policy defined here: è https://www.kali.org/trademark-policy/ All Rights Not Explicitly Granted Above Are Reserved. ISBN: 978-0-9976156-0-9 (paperback) Offsec Press 19701 Bethel Church Road, #103-253 Cornelius NC 28031 USA www.offensive-security.com Library of Congress Control Number: 2017905895 The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the authors nor Offsec Press shall have any liabil- ity to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it. Because of the dynamic nature of the Internet, any Web addresses or links contained in this book may have changed since publication and may no longer be valid.
    [Show full text]
  • Kali Linux 2.0 Download Free Learn Kali Linux 2.0 APK + Mod (Unlocked) for Android
    kali linux 2.0 download free Learn Kali Linux 2.0 APK + Mod (Unlocked) for Android. Install the steps: First you must uninstall Learn Kali Linux original version if you have installed it. Then, download Learn Kali Linux Mod APK on our site. After completing the download, you must find the apk file and install it. You must enable "Unknown sources" to install applications outside the Play Store. Then you can open and enjoy the Learn Kali Linux Mod APK. Is Learn Kali Linux Mod Safe? Learn Kali Linux Mod is 100% safe because the application was scanned by our Anti-Malware platform and no viruses were detected. The antivirus platform includes: AOL Active Virus Shield, avast!, AVG, Clam AntiVirus, etc. Our anti-malware engine filter applications and classifies them according to our parameters. Therefore, it is 100% safe to install Learn Kali Linux Mod APK on our site. Kali Linux 2.0, a free best Unix operating System for Pentesting. WOW !! feeling good to hear that the new version series of Kali Linux is started by Offensive Security, It is Kali Linux 2.0. Hackers, Pentesters, Security auditor are happy and excited with this release. OH God !! I forget to share with you about Kali Linux and it is here.. Kali Linus is a Operating System, for example, Microsoft window, Mac OS, and other open source Operating System as Debian or Ubuntu. It is broadly utilized for Penetration testing and security evaluating. Kali Linux is extraordinary from numerous points of view, however the most critical refinements of this Operating System are the capacity to not just run from a hard drive establishment be that as it may additionally boot as a live.
    [Show full text]
  • A Study of the Application of Free and Open Source Software Licensing Ideas to Art and Cultural Production
    Sandbox Culture A Study of the Application of Free and Open Source Software Licensing Ideas to Art and Cultural Production Aymeric Mansoux Supervisor: Matthew Fuller Thesis presented for the degree of Doctor of Philosophy Centre for Cultural Studies, Goldsmiths, University of London, February 2017 I, Aymeric Mansoux, confirm that the work presented in this thesis ismy own. Where information has been derived from other sources, I confirm that this has been indicated in the thesis. Date: February 19, 2017 Signed: Abstract In partial response to the inability of intellectual property laws to adapt to data-sharing over computer networks, several initiatives have proposed techno-legal alternatives to encourage the free circulation and transfor- mation of digital works. These alternatives have shaped part of contem- porary digital culture for more than three decades and are today often associated with the “free culture” movement. The different strands of this movement are essentially derived from a narrower concept of soft- ware freedom developed in the nineteen-eighties, and which is enforced within free and open source software communities. This principle was the first significant effort to articulate a reusable techno-legal template to work around the limitations of intellectual property laws. It also of- fered a vision of network culture where community participation and sharing was structural. From alternate tools and workflow systems, artist-run servers, net- work publishing experiments, open data and design lobbies, cooperative and collaborative frameworks, but also novel copyright licensing used by both non-profit organisations and for-profit corporations, the impact on cultural production of practices developed in relation to the ideas of iii free and open source software has been both influential and broadly ap- plied.
    [Show full text]
  • Comparative Analysis of Different Operating Systems for a Raspberry Pi
    National Conference on Innovative Trends in Science and Engineering (NC-ITSE'16) ISSN: 2321-8169 Volume: 4 Issue: 7 341 - 344 ___________________________________________________________________________________________________________________ Comparative Analysis of Different Operating Systems for a Raspberry Pi Prabodh S. Nimat1 Amit S. Kakad2 Deepavali P. Patil3 Dept. of CSE Dept. of ENTC Dept. of CSE MGICOET, Shegaon MGICOET, Shegaon MGICOET, Shegaon [email protected] [email protected] [email protected] Nitish B. Bhawarkar4 Swapnil A. Tale Dept. of ENTC Dept. of ENTC MGICOET, Shegaon MGICOET, Shegaon [email protected] [email protected] Abstract- In this paper we will take a look at different operating system for Raspberry Pi set up so you can try it and start using it for the variety of purposes. Raspberry Pi is small but powerful credit card sized little computer, but before doing anything awesome, you need to configure Raspberry Pi kit and install an operating system. Without an operating system Raspberry Pi is just a piece of silicon, fiberglass, and a few other semiconductor materials. This paper shed the light on different operating systems available for Raspberry Pi. We are going to compare them based on their emergent features, that makes them different than other Many from the available lists of operating systems, each one of them are segregated based on their applications, features and specifications. We have taken the 8 different operating system on our radar most use for Raspberry PiincludingRaspbian, Pidora, ArchLinux, OSMC, RetroPie, RISC OS, Firefox OS and Kali Linux. This paper focuses on the which operating system is capable and useful for particular needs and purposes.
    [Show full text]
  • Kali Linux Iso Download 2017.3 Kali Linux Iso Download 2017.3
    kali linux iso download 2017.3 Kali linux iso download 2017.3. Kali Linux (formerly known as BackTrack) is an Debian-based distribution with a collection of security and forensics tools. It features timely security updates, support for the ARM architecture, a choice of four popular desktop environments, and seamless upgrades to newer versions. Kali Linux is a Debian-based distribution which features several security and forensics tools. The project has adopted a rolling release approach to new versions. The new release, Kali Linux 2017.1, features drivers for RTL8812AU wireless chipsets, improved GPU support and there are now Azure and AWS images of Kali Linux for cloud instances. "Finally, its here! Were happy to announce the availability of the Kali Linux 2017.1 rolling release, which brings with it a bunch of exciting updates and features. As with all new releases, you have the common denominator of updated packages, an updated kernel that provides more and better hardware support, as well as a slew of updated tools - but this release has a few more surprises up its sleeve. A while back, we received a feature request asking for the inclusion of drivers for RTL8812AU wireless chipsets. These drivers are not part of the standard Linux kernel, and have been modified to allow for injection. Why is this a big deal? This chipset supports 802.11 AC, making this one of the first drivers to bring injection-related wireless attacks to this standard. Would you like to receive an email when a new version of Kali Linux is released? If so then click here.
    [Show full text]
  • Top 25 Best Kali Linux Tools for Beginners (Source)
    Kali Linux For Beginners Glen Maxson Center for Learning in Retirement Spring 2019 What is Kali Linux • Kali Linux, (first released on the 13th March, 2013) which was formally known as BackTrack, developed by the security firm Offensive Security, is a forensic and security-focused distribution based on Debian’s Testing branch. Kali Linux is designed with penetration testing, data recovery and threat detection in mind. • Kali Linux is free, and has 600+ penetration testing tools included. But first a caution and some advice • Kali Linux isn’t recommended for beginners. Period. This is the first thing you should learn. It is a Linux Distribution geared towards Security Professionals. • During penetration testing, it is crucial to prepare to stay anonymous. Don’t fool yourself by revealing your own identity while hacking, cover it! Kali Install Modes - Basic Differences (source) 1. Live Mode - boots using the USB drive so we run Kali from USB instead of running our main system. This allows us to inspect the system without worrying about locked/running processes. Live mode does not save changes. If you run reports, generate logs or save any data then it will be wiped when you reboot. Changes are not saved. 2. Live Mode (failsafe) - same as above but a bit more robust in case the system fails. Nicer to your devices. 3. Live Mode (forensic) - nothing loads, runs or happens unless it is initiated by you. USB devices do not auto mount and the internal hard drive is not touched. Nothing happens until you make it happen. Very good for professional forensic work.
    [Show full text]
  • Penetration Testing with Backbox
    Penetration Testing with BackBox An introductory guide to performing crucial penetration testing operations using BackBox Stefan Umit Uygur BIRMINGHAM - MUMBAI Penetration Testing with BackBox Copyright © 2014 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: February 2014 Production Reference: 1130214 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-78328-297-5 www.packtpub.com Cover Image by Aniket Sawant ([email protected]) Credits Author Project Coordinator Stefan Umit Uygur Aboli Ambardekar Reviewers Proofreader Jorge Armin Garcia Lopez Ameesha Green Shakeel Ali Sreenath Sasikumar Indexer Mariammal Chettiyar Acquisition Editor Gregory Wild Production Coordinator Manu Joseph Technical Editors Krishnaveni Haridas Cover Work Manu Joseph Ankita Thakur Copy Editors Alfida Paiva Laxmi Subramanian About the Author Stefan Umit Uygur has been an IT System and Security engineer for 14 years.
    [Show full text]
  • The Following Distributions Match Your Criteria (Sorted by Popularity): 1. Linux Mint (1) Linux Mint Is an Ubuntu-Based Distribu
    The following distributions match your criteria (sorted by popularity): 1. Linux Mint (1) Linux Mint is an Ubuntu-based distribution whose goal is to provide a more complete out-of-the-box experience by including browser plugins, media codecs, support for DVD playback, Java and other components. It also adds a custom desktop and menus, several unique configuration tools, and a web-based package installation interface. Linux Mint is compatible with Ubuntu software repositories. 2. Mageia (2) Mageia is a fork of Mandriva Linux formed in September 2010 by former employees and contributors to the popular French Linux distribution. Unlike Mandriva, which is a commercial entity, the Mageia project is a community project and a non-profit organisation whose goal is to develop a free Linux-based operating system. 3. Ubuntu (3) Ubuntu is a complete desktop Linux operating system, freely available with both community and professional support. The Ubuntu community is built on the ideas enshrined in the Ubuntu Manifesto: that software should be available free of charge, that software tools should be usable by people in their local language and despite any disabilities, and that people should have the freedom to customise and alter their software in whatever way they see fit. "Ubuntu" is an ancient African word, meaning "humanity to others". The Ubuntu distribution brings the spirit of Ubuntu to the software world. 4. Fedora (4) The Fedora Project is an openly-developed project designed by Red Hat, open for general participation, led by a meritocracy, following a set of project objectives. The goal of The Fedora Project is to work with the Linux community to build a complete, general purpose operating system exclusively from open source software.
    [Show full text]