Posted by codedragon codedragon

Uninstalling / removing the HxD Hex Editor program (uninstall)

·         Open the "Uninstall or change a program" settings

·         Uninstall the program

·         Uninstall complete

 

 

----------------------------------------

 

 

Open the "Uninstall or change a program" settings

Press [Windows + R] on the keyboard to open the Run dialog.

When the Run dialog opens, type the command shown in the Run dialog.

Click the [OK] button.

When the "Uninstall or change a program" window opens, find the "HxD Hex Editor version x.x.x" entry in the list of installed programs.


Uninstall the program

Double-click the [HxD Hex Editor version x.x.x] entry to proceed with the uninstall.

Click [] to start the uninstall.


Uninstalling ...


Uninstall complete

Click the [OK] button to close the window and finish.







 

Uninstalling / removing the HashTab program (uninstall)

·         Open the "Uninstall or change a program" settings

·         Uninstall the program

·         Uninstall complete

 

 

----------------------------------------

 

 

Open the "Uninstall or change a program" settings

Press [Windows + R] on the keyboard to open the Run dialog.

Type the command shown in the Run dialog exactly as it appears.

Click the [OK] button.

Find the "HashTab x.x.xx" entry in the list of installed programs.


Uninstall the program

Double-click that entry to proceed with the uninstall.

Click [] to start the uninstall.


Uninstall complete

All removal work is complete.

Click the [OK] button to finish.






 

Exif (EXchangeable Image File format)

·         Exchangeable image file format

·         An image file format used by digital cameras.

·         Metadata about the photograph can be added to the JPEG, TIFF 6.0, and RIFF WAV file formats.

·         Exif is not supported in JPEG 2000, PNG, or GIF files.

 

https://bit.ly/2ViBUDf

http://en.wikipedia.org/wiki/Exchangeable_image_file_format

 


 

Information included in Exif metadata

·         Camera manufacturer

·         Camera model

·         Orientation (rotation)

·         Date and time

·         Location information (geographic information, GPS)

·         Color space

·         Focal length

·         Whether the flash was used

·         ISO speed

·         Aperture

·         Exposure mode

·         Metering mode

·         Shutter speed

·         Copyright information, etc.

 

 

 

 

 

Exif file format

http://www.media.mit.edu/pia/Research/deepview/exif.html
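The Exif layout described above (an APP1 segment inside a JPEG that wraps a TIFF structure of IFD entries), as an added example that is not part of the original post: a minimal Python reader that first checks the JPEG and TIFF magic numbers (the same signatures listed in the file-signature tables linked further down this page), locates the Exif segment, decodes the IFD0 entries for maker, model, orientation and date, and reports whether a GPS IFD pointer is present, which is the tag to check when deciding whether a photo leaks location data. The sample JPEG is constructed inline and the tag-name table covers only the handful of tags shown; both are assumptions of this example, not values from the post.

```python
"""Minimal Exif reader: checks the JPEG / TIFF magic bytes, finds the APP1
Exif segment in a JPEG, walks IFD0 and returns a few well-known tags.
Added example, not code from the original post."""
import struct

# Magic numbers as listed in file-signature tables.
JPEG_SOI = b"\xff\xd8\xff"
TIFF_LE = b"II*\x00"
TIFF_BE = b"MM\x00*"

# Only the tags this example cares about (assumed subset, not the full Exif list).
TAG_NAMES = {0x010F: "Make", 0x0110: "Model", 0x0112: "Orientation",
             0x0132: "DateTime", 0x8769: "ExifIFDPointer",
             0x8825: "GPSInfoIFDPointer"}
# TIFF field types -> byte size (BYTE, ASCII, SHORT, LONG, RATIONAL, UNDEFINED, SLONG, SRATIONAL).
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}

def identify(data):
    """Classify by leading bytes only, the way a signature table does."""
    if data.startswith(JPEG_SOI):
        return "jpeg"
    if data[:4] in (TIFF_LE, TIFF_BE):
        return "tiff"
    return "unknown"

def find_exif_tiff(data):
    """Return the embedded TIFF block that holds the Exif IFDs, or None."""
    kind = identify(data)
    if kind == "tiff":
        return data
    if kind != "jpeg":
        return None
    pos = 2                                  # skip SOI
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            return None                      # not at a marker: corrupt file
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):           # EOI or SOS: no APP1 before image data
            return None
        seglen = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker == 0xE1 and data[pos + 4:pos + 10] == b"Exif\x00\x00":
            return data[pos + 10:pos + 2 + seglen]
        pos += 2 + seglen
    return None

def parse_ifd0(tiff):
    """Decode the entries of the first IFD into a {tag name: value} dict."""
    if tiff[:4] == TIFF_LE:
        end = "<"
    elif tiff[:4] == TIFF_BE:
        end = ">"
    else:
        raise ValueError("not a TIFF header")
    ifd_off = struct.unpack(end + "I", tiff[4:8])[0]
    count = struct.unpack(end + "H", tiff[ifd_off:ifd_off + 2])[0]
    tags = {}
    for i in range(count):
        e = ifd_off + 2 + 12 * i
        tag, typ, n = struct.unpack(end + "HHI", tiff[e:e + 8])
        size = TYPE_SIZES.get(typ, 1) * n
        if size <= 4:                        # value fits inline in the entry
            raw = tiff[e + 8:e + 8 + size]
        else:                                # otherwise the entry holds an offset
            off = struct.unpack(end + "I", tiff[e + 8:e + 12])[0]
            raw = tiff[off:off + size]
        if typ == 2:
            value = raw.rstrip(b"\x00").decode("ascii", "replace")
        elif typ == 3:
            value = struct.unpack(end + "H", raw[:2])[0]
        elif typ == 4:
            value = struct.unpack(end + "I", raw[:4])[0]
        else:
            value = raw
        tags[TAG_NAMES.get(tag, "0x%04X" % tag)] = value
    return tags

def leaks_location(tags):
    """True when IFD0 points at a GPS IFD, i.e. the photo may carry coordinates."""
    return "GPSInfoIFDPointer" in tags

def build_sample_jpeg():
    """Constructed sample: SOI + APP1 Exif (little-endian TIFF, 4 IFD0 entries) + EOI."""
    make, model, dt = b"ExampleCam\x00", b"Model-X\x00", b"2021:01:01 12:00:00\x00"
    n = 4
    data_start = 8 + 2 + 12 * n + 4          # header + count + entries + next-IFD link
    off_make = data_start
    off_model = off_make + len(make)
    off_dt = off_model + len(model)
    ifd = struct.pack("<H", n)
    ifd += struct.pack("<HHII", 0x010F, 2, len(make), off_make)
    ifd += struct.pack("<HHII", 0x0110, 2, len(model), off_model)
    ifd += struct.pack("<HHIH", 0x0112, 3, 1, 1) + b"\x00\x00"   # SHORT stored inline
    ifd += struct.pack("<HHII", 0x0132, 2, len(dt), off_dt)
    ifd += struct.pack("<I", 0)                                  # no IFD1
    tiff = TIFF_LE + struct.pack("<I", 8) + ifd + make + model + dt
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"

if __name__ == "__main__":
    sample = build_sample_jpeg()
    print(identify(sample), parse_ifd0(find_exif_tiff(sample)))
```

The scan stops at the SOS marker because Exif must precede image data; a file that claims the JPEG signature but has no marker where one is expected is reported as having no Exif rather than being read further, which is the safe behaviour when triaging untrusted images.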


 




 

 

Salamandra Spy Microphone Detection Tool

 

http://bit.ly/2FylHly


 

 

GETTING THE RTL-SDR TO WORK IN WINDOWS 10

http://bit.ly/2ux7Re3

 

 

 

 

Direct download

Salamandra-master.z01

Salamandra-master.zip

 





 

FILE SIGNATURES TABLE (File Magic Number Table)

You can look up the file magic numbers (File Magic Numbers) for each file type.

 

http://www.garykessler.net/library/file_sigs.html



 

 

 

 

List of file signatures - Wiki

https://en.wikipedia.org/wiki/List_of_file_signatures


 


   

Windows Help program (WinHlp32.exe) for Windows Vista

http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=5143

   

 

 

 

Direct download

Windows6.0-KB917607-x64.msu

Windows6.0-KB917607-x86.msu



   

   

ChkRegLastChange

A program that checks the creation and modification times of Windows registry values and data

freeware


C++ source

RegistryTimeCheck.cpp


The original source site is gone (cannot be reached)


   

   

HOWTO – iPhone Forensics with free and-or open source tools – 9-14-11 – viaForensics « viaForensics

   

   

https://www.nowsecure.com/blog/2011/10/20/howto-iphone-forensics-free-andor-open-source-tools-91411/#viaforensics

   

   

   

iPhone Forensics with F/OSS
A HOWTO for iPhone Forensics with free and/or open source tools

Qualifications

Presentation Goals

iPhone Forensics with F/OSS tools
• Commercial Tools exist but there are a growing number of F/OSS tools
• A Mac (OSX) or Linux workstation is used for many of these programs
• Focus on step-by-step examples

Open source (MIT) iPhone backup analyzer by Mario Picci (http://ipbackupanalyzer.com/)
• Decodes files, presents in a hierarchical view, has some search and conversions
• Plist files are shown (binary plist files are automatically converted to ASCII format)
• Image files are shown
• SQLite files are shown with the list of the tables they contain. By clicking on the tables list the selected table's content is dumped in the main UI
• Unknown data files are shown as hex/ASCII data

iTunes Backup Directories
Mac OS X: /Library/Application Support/MobileSync/Backup/
Windows XP: \Documents and Settings\(username)\Application Data\Apple Computer\MobileSync\Backup\
Windows Vista, Windows 7: \Users\(username)\AppData\Roaming\Apple Computer\MobileSync\Backup\

Linux Install
On Ubuntu Workstation
------------------------------
sudo apt-get update
sudo apt-get install python-tk python-imaging python-imaging-tk git

Install pyttk
- Download: http://pypi.python.org/pypi/pyttk/
- Extract: tar xzvf pyttk-0.3.2.tar.gz
- cd pyttk-0.3.2/
- Install: sudo python setup.py install

git clone git://github.com/PicciMario/iPhone-Backup-Analyzer
cd iPhone-Backup-Analyzer/
./main.py -d ~/Desktop/8737684969e72eccf5ff0cafed21b15ec1cb6d4d/

Zdziarski's iOS forensic tools
Free for qualified law enforcement and government agencies
• Based on F/OSS software and research (Cyanide, etc)
• Physical acquisition
• Logical acquisition
• PIN bypass
• Decrypts the encrypted files / slice
  – iOS 3.x: fully decrypt slice, gets unallocated
  – iOS 4.x: decrypts files, not unallocated (mostly)
• Decrypt Keychain
• Working on recovering deleted keys

with F/OSS
• @0naj iphone-dataprotection tools (Python and C)
  – Brute force PIN code on device
  – Recover device encryption keys
  – Decrypt the keychain, all dataprotection encrypted files
  – Scrape the HFS journal for deleted content
  – Decrypt the entire raw disk
  – Included with Jonathan Zdziarski's toolset, or available separately to developers:
    http://code.google.com/p/iphone-dataprotection/

Mount the dmg image read-only (Linux)
• Determine file system offset in dd image:
• Mount HFS partition read only:
• Make sure file system was mounted
• Can check disk usage

The Sleuth Kit
• The Sleuth Kit by Brian Carrier
  – Brian is the author of the excellent book File System Forensic Analysis (FSFA)
  – Actively maintained, just released 3.2.2 (06/13/2011)
  – Supports NTFS, FAT, UFS 1, UFS 2, EXT2FS, EXT3FS, and ISO 9660
  http://sleuthkit.org/
• Install:
• Programs to start with:
  – mmls – Media Management ls, generally partition info:
  – fsstat – File system info
  – fls – Forensic list
    • Power utility which can list allocated/deleted files
    • Provides offset so recovery is possible
    • Build MACB for timeline analysis:
      analyst@ubuntu:/mnt/hgfs/Desktop$ fls -z CST6CDT -s 0 -m '/' -f hfs -r -i raw iPhone-3g-313.dmg > ~/iPhone-timeline.body

human friendly
• analyst@ubuntu:/mnt/hgfs/Desktop$ mactime -b ~/iPhone-timeline.body -z CST6CDT -d > ~/iPhone-timeline.csv
  – Takes body file and turns into CSV or other format

Log2timeline
• Kristinn Gudjonsson developed this software
  – Written in Perl (trying to convince him to move to Python)
  – Extracts timeline artifacts from many file types including
    • Evt/Evtx, registry, $MFT, prefetch, browser history, etc. (46 and climbing)
  – 10+ export formats
  http://log2timeline.net/
• Install log2timeline on Ubuntu 10.10 (lucid)
  – sudo add-apt-repository "deb http://log2timeline.net/pub/ lucid main"
  – wget -q http://log2timeline.net/gpg.asc -O- | sudo apt-key add -
  – sudo apt-get update
  – sudo apt-get install log2timeline-perl

Log2timeline
• sudo timescanner -d /home/analyst/mnt/hfs/ -z CST6CDT -w ~/iPhone-log2timeline.csv
  – 218 artifacts (either files or directories).
  – Run time of the script 24 seconds.
• If you output in body format, can combine with TSK's fls output and generate a full timeline of file system and file metadata (sometimes referred to as a "Super Timeline")

Scalpel
• Download scalpel src at:
  wget http://www.digitalforensicssolutions.com/Scalpel/scalpel-2.0.tar.gz
• Compile
  – tar xzvf scalpel-2.0.tar.gz
  – cd scalpel-2.0/
  – sudo apt-get install libtre-dev libtre5
  – ./configure; make
  – sudo cp scalpel /usr/local/bin
• Run scalpel
  $ scalpel -c ~/scalpel.conf iPhone-3g-313.dmg
• Examine data in "scalpel-output" directory

Sample scalpel.conf

viewer
• Usage:
  $ xxd iPhone-3g-313.dmg | less
• To auto skip 0's:
  $ xxd -a iPhone-3g-313.dmg | less

Hex editor
• Usage:
  $ hexedit iPhone-3g-313.dmg
• Once in hex editor:
  – "/" = search hex/ASCII string (in "hexedit" use tab to change between ASCII and hex searches)
  – q = exit hex editor
  – h = help
• Can quickly locate potential evidence
• Other tools also available (hexeditor and many others)

Grep Command
• Searches through a file (or many files/folders) for a specified keyword(s)
• Grep is case sensitive by default
  $ grep amr iPhone-3g-313.dmg
• To do case-insensitive (more time consuming):
  $ grep -i AmR iPhone-3g-313.dmg
• Can search for a phrase in quotes
  $ grep "Trace File" iPhone-3g-313.dmg
  $ grep -a "Trace File" iPhone-3g-313.dmg
  $ grep -a -A 1 -B 1 "Trace File" iPhone-3g-313.dmg

Grep Command (continued)
• Can also be used to search through many files
• Grep through all files in a user's home directory for "viaF":
  analyst@ubuntu:~$ grep -R 312493 *
  Binary file scalpel-output/sqlitedb-9-0/00001.db matches
  Binary file scalpel-output/sqlitedb-9-0/00017.db matches
• Find all sms database files from iPhone (after scalpel)
  analyst@ubuntu:~$ grep -R svc_center sqlite*

"Strings" Command
• Strings is a powerful utility to extract ASCII or Unicode strings from binary data
• Can be run against a file or a full disk image
  $ strings iPhone-3g-313.dmg > iPhone.str
  $ strings iPhone-3g-313.dmg | less
• Can also search for Unicode
  $ strings -e b iPhone-3g-313.dmg | less

"Strings" does more than ASCII
• Strings is designed to extract ASCII and Unicode
  – 7-bit ASCII, 8-bit ASCII
  – 16-bit big-endian and little-endian
  – 32-bit big-endian and little-endian
• From the strings manual page:
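The strings and grep slides above, as an added example that is not from the slides and not GNU strings itself: a Python scanner that extracts printable runs in 7-bit ASCII and in 16-bit little- and big-endian encodings (the -e s / l / b selections from the strings manual page) and then applies a grep-like keyword filter with optional case-insensitivity. The sample byte string is constructed inline and mixes an ASCII string, a UTF-16LE string and a UTF-16BE string with non-printable bytes; the minimum run length of 4 matches the strings default.

```python
"""A small `strings`-style scanner plus a grep-like filter. Added example,
not code from the slides or from GNU binutils. Encoding names follow
strings -e: 's' = 7-bit ASCII, 'l' = 16-bit little-endian, 'b' = 16-bit big-endian."""

# Printable 7-bit range plus tab, the character class `strings` reports.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09}

# Constructed sample: "binary noise" around an ASCII string,
# a UTF-16LE string and a UTF-16BE string.
SAMPLE = (b"\x00\x01\x02\x03" + b"svc_center" + b"\x00\xff"
          + "Trace File".encode("utf-16-le") + b"\x00\x00" + b"ab" + b"\x7f\x80"
          + "amr-file".encode("utf-16-be") + b"\x00")

def find_strings(data, min_len=4, encoding="s"):
    """Return (offset, text) for every run of at least min_len printable units.

    The data is read as a stream of 1-byte (ASCII) or 2-byte (16-bit) units
    starting at offset 0, so a 16-bit string at an odd offset is not found."""
    unit = 1 if encoding == "s" else 2
    order = "little" if encoding == "l" else "big"
    results, run, run_start = [], [], None
    for off in range(0, len(data) - unit + 1, unit):
        code = int.from_bytes(data[off:off + unit], order)
        if code in PRINTABLE:
            if run_start is None:
                run_start = off
            run.append(chr(code))
            continue
        if len(run) >= min_len:
            results.append((run_start, "".join(run)))
        run, run_start = [], None
    if len(run) >= min_len:                  # flush a run that reaches end of data
        results.append((run_start, "".join(run)))
    return results

def search(data, keyword, ignore_case=False, encodings=("s", "l", "b")):
    """grep-like keyword filter over the extracted strings of each encoding."""
    hits = []
    for enc in encodings:
        for off, text in find_strings(data, encoding=enc):
            hay, needle = (text.lower(), keyword.lower()) if ignore_case else (text, keyword)
            if needle in hay:
                hits.append((enc, off, text))
    return hits

if __name__ == "__main__":
    for enc in ("s", "l", "b"):
        print(enc, find_strings(SAMPLE, encoding=enc))
    print(search(SAMPLE, "AmR", ignore_case=True))
```

Running the three encodings in turn is the point of the "strings does more than ASCII" slide: a plain ASCII pass sees only svc_center, while the UTF-16 strings that iOS binaries and plists often carry only appear under -e l or -e b.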

Decrypting data – step 1
• Scenario: imaged iPhone and application has encrypted data which you need to view.
• Our solution (but other approaches may work)
• Noted app data was encrypted
• Analyzed symbol table for app, saw entries such as:
  00091033 t -[NSData(AESAdditions) AES256DecryptWithKey:]
  00092015 t -[NSData(AESAdditions) AES256EncryptWithKey:]
  0009aA07e t -[NSData(AESAdditions) keyBytes:]
  00034261 t +[NSData(Base64) dataFromBase64String:]
  00034410 t -[NSData(Base64) base64EncodedString]
• Determined app stored key in Keychain so cracked the key chain, found an entry with a Base64 encoded key
• Decoded Base64 key
• Wrote quick program that used "AES256DecryptWithKey" API, encrypted file and decoded AES encryption key to access data
• F/OSS Tools used:
  – Zdziarski's techniques to physically image device, crack keychain
  – Strings to determine encryption technique
  – XCode from Apple to write decrypt program

Andrew Hoog
Chief Investigative Officer
ahoog@viaforensics.com http://viaforensics.com
Main Office:
1000 Lake St, Suite 203
Oak Park, IL 60301
Tel: 312-878-1100 | Fax: 312-268-7281

   

Source: <https://www.nowsecure.com/blog/2011/10/20/howto-iphone-forensics-free-andor-open-source-tools-91411/>

  

 

 

 

Direct download

viaForensics-iPhone-Forensics-with-FOSS.pdf

