DCode

A tool that computes date/time values from various timestamp formats.

http://www.digital-detective.net/digital-forensic-software/free-tools/

Download

Click the grey Download button at the bottom of the page.

Screenshot

Direct download

DCode-v4.02a-build-4.02.0.9306.zip


Posted by codedragon

openports.exe

Prints information about every open TCP and UDP port together with the owning system process.

C:\forensics\ToolSuite>openports.exe /?
OpenPorts - DiamondCS Console Tools (www.diamondcs.com.au)
---
PURPOSE: Displays information about all TCP/UDP ports.
USAGE: openports.exe [-lines] [-path] [-netstat / -fport / -csv]
FLAGS:
[no flags] Standard display (default options used)
-lines Adds lines between processes for easier viewing
-path Processes are displayed with full path
The above flags have no effect if one of these options is used:
-netstat Results are displayed similar to Window XP's netstat
-fport Results are displayed similar to FPort
-csv Results are displayed as comma separated values

Direct download


Posted by codedragon

Hunt

version 2.0

Direct download


Posted by codedragon

Guide to Integrating Forensic Techniques into Incident Response

Table of Contents

Executive Summary
1. Introduction
1.1 Authority
1.2 Purpose and Scope
1.3 Audience
1.4 Publication Structure
2. Establishing and Organizing a Forensics Capability
2.1 The Need for Forensics
2.2 Forensic Staffing
2.3 Interactions with Other Teams
2.4 Policies
2.4.1 Defining Roles and Responsibilities
2.4.2 Providing Guidance for Forensic Tool Use
2.4.3 Supporting Forensics in the Information System Life Cycle
2.5 Guidelines and Procedures
2.6 Recommendations
3. Performing the Forensic Process
3.1 Data Collection
3.1.1 Identifying Possible Sources of Data
3.1.2 Acquiring the Data
3.1.3 Incident Response Considerations
3.2 Examination
3.3 Analysis
3.4 Reporting
3.5 Recommendations
4. Using Data from Data Files
4.1 File Basics
4.1.1 File Storage Media
4.1.2 Filesystems
4.1.3 Other Data on Media
4.2 Collecting Files
4.2.1 Copying Files from Media
4.2.2 Data File Integrity
4.2.3 File Modification, Access, and Creation Times
4.2.4 Technical Issues
4.3 Examining Data Files
4.3.1 Locating the Files
4.3.2 Extracting the Data
4.3.3 Using a Forensic Toolkit
4.4 Analysis
4.5 Recommendations
5. Using Data from Operating Systems
5.1 OS Basics
5.1.1 Non-Volatile Data
5.1.2 Volatile Data
5.2 Collecting OS Data
5.2.1 Collecting Volatile OS Data
5.2.2 Collecting Non-Volatile OS Data
5.2.3 Technical Issues with Collecting Data
5.3 Examining and Analyzing OS Data
5.4 Recommendations
6. Using Data From Network Traffic
6.1 TCP/IP Basics
6.1.1 Application Layer
6.1.2 Transport Layer
6.1.3 IP Layer
6.1.4 Hardware Layer
6.1.5 Layers’ Significance in Network Forensics
6.2 Network Traffic Data Sources
6.2.1 Firewalls and Routers
6.2.2 Packet Sniffers and Protocol Analyzers
6.2.3 Intrusion Detection Systems
6.2.4 Remote Access
6.2.5 Security Event Management Software
6.2.6 Network Forensic Analysis Tools
6.2.7 Other Sources
6.3 Collecting Network Traffic Data
6.3.1 Legal Considerations
6.3.2 Technical Issues
6.4 Examining and Analyzing Network Traffic Data
6.4.1 Identify an Event of Interest
6.4.2 Examine Data Sources
6.4.3 Draw Conclusions
6.4.4 Attacker Identification
6.5 Recommendations
7. Using Data from Applications
7.1 Application Components
7.1.1 Configuration Settings
7.1.2 Authentication
7.1.3 Logs
7.1.4 Data
7.1.5 Supporting Files
7.1.6 Application Architecture
7.2 Types of Applications
7.2.1 E-mail
7.2.2 Web Usage
7.2.3 Interactive Communications
7.2.4 File Sharing
7.2.5 Document Usage
7.2.6 Security Applications
7.2.7 Data Concealment Tools
7.3 Collecting Application Data
7.4 Examining and Analyzing Application Data
7.5 Recommendations
8. Using Data from Multiple Sources
8.1 Suspected Network Service Worm Infection
8.2 Threatening E-mail
8.3 Recommendations

List of Appendices

Appendix A — Recommendations
A.1 Organizing a Forensics Capability
A.1.1 Forensic Participants
A.1.2 Forensic Policies, Guidelines, and Procedures
A.1.3 Technical Preparation
A.2 Performing the Forensics Process
A.2.1 Data Collection
A.2.2 Examination and Analysis
A.2.3 Reporting
Appendix B — Scenarios
B.1 Scenario Questions
B.2 Scenarios
Appendix C — Glossary
Appendix D — Acronyms
Appendix E — Print Resources
Appendix F — Online Tools and Resources
Appendix G — Index

List of Figures

Figure 3-1. Forensic Process
Figure 4-1. File Header Information
Figure 6-1. TCP/IP Layers
Figure 6-2. TCP/IP Encapsulation

List of Tables

Table 4-1. Commonly Used Media Types

Direct download

SP800-86.pdf


Posted by codedragon

Guidelines for Evidence Collection and Archiving, rfc3227

Direct download

rfc3227.pdf

Posted by codedragon