Please enable JavaScript.

Coggle requires JavaScript to display documents.

(NIST Hacking Case) - Coggle Diagram

- - - - to print the content of a file onto the standard output stream
    - - to calculate the hash value of the zip file
    - - shows partitions and unallocated spaces
    - - list files and directory name and information
      - -rfd
        
        to show deleted files
    - - searches through the file
    - - to copy files based on inode
    - - scans a specific file, line to line, and prints the line(s) that contain the search string/regular expression.
    - - to display the system date and time
    - - mount
        
        mounts a dd to the mounting point
      - losetup
        
        sets up a loop device
    - - return the string characters into files.
    - - compare two sorted files line by line and write to standard output
    - - initial files
    - - to find a specific file in a given directory, to show file format
  - - - rip.pl
        
        perl based plugin for extraction
      - samparse
        
        used to extract both 'user' and 'group' information from the 'SAM' hive file
      - samparse_tln
        
        used to access time line
      - uninstall
        
        software that have been uninstalled
    - - perl
        
        used for extracting information
      - Windows event file (*.evt) parser, it generates a text csv output from the event files
    - - lets you capture packet data from a live network, or read packets from a previously saved capture file
    - - extracts file deletion time, original path and size of deleted files and whether the deleted files have been moved out from the recycle bin since they are trashed
    - - detects many types of malware, including viruses