Nist Hacking Case Study
Hashdeep
md5sum
sha1sum
DD Image
7z (unzip file to get actual image)
Wget (download file from web)
plugins and packages
Perl (used for extracting information)
evtparse.pl (to parse the event logs)
.pl (extension for Perl scripts)
Tools
tshark (terminal interface to Wireshark for network traffic)
http.request (details of HTTP requests to the hosting server)
rifiuti2 (to recover the files from the recycle bin)
clamav (anti-virus to get details of viruses that attacked the system)
clamscan (to scan the file for viruses)
Filesystem
comm (to compare the files for matching)
sudo mount (to mount the filesystem)
file (to identify the type and version of a program)
strings (to extract printable string characters from files)
Disk Partitions
fls (files and directories details)
losetup (to attach the partition as a loop device for mounting)
fsstat (filesystem details)
icat (to copy files based on inode)
cat (to concatenate the image parts into a single image)
egrep (pattern-searching command)
config/system (search for system configuration files)
SysEvent.Evt (the system event log file)
get the IP address and MAC address by following the format
mmls (partition layout, including unallocated space)
grep 'Greg Schardt' (search from mount file to get user details)
grep evil (search the string)
search for Email address by following the pattern
Registry Investigation
rip.pl (perl based plugin for extraction)
winver (to extract the Windows version from registry data)
timezone (timestamp of log in the system)
compname (to get computer details)
samparse (to get details of every user)
profilelist (last user details)
ntuser.dat (file to get the user details)
install / uninstall (software information)
outlook (for history)
grep news.dallas.sbcglobal.net (search for news servers associated with user)
get the log and config files of system
git (utility to clone and execute the files and commands)
Tools.git ( to get the complete toolkit)