Copy of RECON LAB Full Manual

Copy of RECON LAB Full Manual by SUMURI

1. INTRODUCTION
  1.1. WHY USE A MAC FOR FORENSIC ANALYSIS?
    1.1.1. APPLE EXTENDED ATTRIBUTES
    1.1.2. VIEWING PROPER TIMESTAMPS
    1.1.3. VIEWING FILES NATIVELY
    1.1.4. APPLE FILE SYSTEM (APFS)
    1.1.5. LOCAL TIME MACHINE SNAPSHOTS (APFS)
    1.1.6. FILEVAULT
    1.1.7. SUPPORT FOR OTHER FILE SYSTEMS
  1.2. HYBRID PROCESSING ENGINE
  1.3. THREE STAGE ANALYSIS
  1.4. SUPPORT FOR OVER 270 TIMESTAMPS
  1.5. ADVANCED TIMELINES
  1.6. ADVANCED DATA CORRELATION
  1.7. ADVANCED REPORTING WITH FULL CONTROL
2. RECOMMENDED MINIMUM REQUIREMENTS
3. HELPFUL HINTS
4. GETTING SUPPORT
5. RENEWING RECON LAB
6. TRAINING
7. INSTALLATION
  7.1. INSTALLING XCODE AND COMMAND LINE TOOLS
  7.2. INSTALLING FUSE FOR macOS
  7.3. INSTALLING PARAGON DRIVERS
  7.4. DOWNLOADING RECON LAB UPDATES
  7.5. INSTALLING RECON LAB
  7.6. GRANTING PRIVILEGES
    7.6.1. FULL DISK ACCESS
  7.7. ENERGY AND SLEEP SETTINGS
8. STARTING RECON LAB
  8.1. ADDING YOUR LICENSE
  8.2. INSTALLING PYTHON
  8.3. ADMIN PASSWORD
  8.4. ACCESS WARNING MESSAGES
  8.5. RECON LAB WELCOME SCREEN
9. CONFIGURATION
  9.1. EXAMINER DETAILS
  9.2. ARTIFACTS AND PLUGINS
  9.3. USER DEFINED EXTENSIONS
  9.4. USER DEFINED FILE SIGNATURES
  9.5. KEYWORD LISTS
  9.6. TEXT INDEXING FILTERS
  9.7. APPLE METADATA FILTERS
  9.8. EXIF METADATA FILTERS
  9.9. VOLATILITY PATH
  9.10. SYSTEM PASSWORD
  9.11. TEXT VIEW SETTINGS
  9.12. EXTERNAL APPLICATIONS
10. STARTING A NEW CASE
  10.1. CASE INFO
  10.2. ADDING SOURCE DATA TO PROCESS
    10.2.1. MOUNTED VOLUMES
    10.2.2. FORENSICS IMAGES
    10.2.3. FILEVAULT IMAGE
    10.2.4. FUSION IMAGE
    10.2.5. OPTICAL DISC IMAGE
    10.2.6. RAM IMAGE
    10.2.7. IOS BACKUP
    10.2.8. TIME MACHINE BACKUP
    10.2.9. GOOGLE TAKEOUT
    10.2.10. MACOS HOME DIRECTORY
    10.2.11. FOLDER
    10.2.12. FILE
    10.2.13. ADB ANDROID BACKUP
    10.2.14. RECON LOGICAL IMAGE
  10.3. ADDING SOURCE INFORMATION
  10.4. ADDING MULTIPLE SOURCES
  10.5. CASE DIRECTORY
  10.6. DATE AND TIME SETTINGS
  10.7. FILE SYSTEM MODULES SELECTION
    10.7.1. APPLE METADATA MODULE
    10.7.2. MIME TYPES MODULE
    10.7.3. SIGNATURE ANALYSIS MODULE
    10.7.4. EXIF METADATA Module
    10.7.5. HASHES MODULE
  10.8. ARTIFACT PLUGIN SELECTION MODULE
11. RELOADING A CASE
12. RECON LAB INTERFACE
  12.1. PROCESSING STATUS WINDOW
  12.2. CASE VIEW
  12.3. TOP MENU
  12.4. MAIN COLUMNS
  12.5. CASE SIDEBAR
  12.6. MAIN VIEWER WINDOW
    12.6.1. TABLE VIEW
      12.6.1.1. RECURSIVE VIEW
      12.6.1.2. EXPORT TO CSV
      12.6.1.3. TABLE VIEW FILTER AND SEARCH
      12.6.1.4. NAVIGATION BUTTONS
    12.6.2. GALLERY VIEW
  12.7. MULTIMEDIA PREVIEW PANE
  12.8. VIEWER PANES
    12.8.1. DETAILED INFORMATION PANE
    12.8.2. HEX VIEW PANE

Details

  • File Type
    pdf
  • Content Languages
    English
  • File Pages
    62 pages
