Illegal Image Possession Case Study
Test Folder
echo (create a text file based on string)
cat (verify the content of text file)
xxd (check the file in hexadecimal format)
tail (get the ending hex values of the file)
head (get the initial values)
shred (overwrite the file to hide its content)
DD images
shot.jpg (download the image file)
wget (get the dd image file of the USB captured through university)
jphs_05.zip (to get the hidden images)
unzip (to get the access to data)
openssl dgst (to verify the hash values of log files)
-md5
rhino2.log
rhino3.log
RHINOUSB.dd
rhino.log
Disk Partitions
fdisk (allocated partition)
fls (files and directories details)
losetup (to mount the partition)
fsstat (details associated with files)
tree (directories and files relationship)
tail (ending files)
icat (to copy files based on inode)
cat (to copy data of files)
istat (display the inode of files)
grep (for searching the text/string)
head (initial files)
egrep (pattern searching command)
Tools
photorec (to recover deleted photos from the records)
choose the media as rhino
select the system type and start searching
save record to current folder as files are recovered
recup_dir.1 (directory of the record files)
display *.jpg/.gif (all files one by one to get the rhino images)
exiftool (to access and view the metadata files)
.jpg (to get details of all images)
stegdetect (script file to get the hidden images by using steganography)
*.jpg (detect the tools used to hide the images)
stegbreak (to get the missing files and folders)
rockyou.txt (stores the password based on the script file and disk image to access the hidden files)
rules.ini (configuration file to store the operations performed)
wine (to run Windows-based software on a Linux system)
jpseek.exe (software to access the hidden messages from the images)
git (tool to get access to the script files and clone it)
toolkit.git (containing all tools)
stego-toolkit (used to hide data in images)
jphide.sh (script file to change the permissions and access it)
/usr/bin/jphide (file stored in the main file system for future access)
wireshark (GUI-based tool to capture and investigate the network traffic)
examine the log file
Follow the TCP stream to get the exact packet for the hex value of the image and store it as a jpg file
xxd (get the initial and ending hex values of the log file to verify the image)
display images as rhino1, rhino3.jpg
unzip contraband.zip (file to access the hidden data from usb)
examine the rhino2.log file
whois (querying databases that store the registered users of an Internet resource)
bless (where we can edit the hex value of a log file)
fcrackzip (to crack the password-protected zip file)
contraband.zip (crack the password based on the rockyou.txt file)
display rhino2.jpg