File/Data Carving & Recovery Tools
Try Hard Security Group
Carving & Recovery tools
More tools in https://github.com/Claudio-C/awesome-datarecovery
Autopsy
The most commonly used tool in forensics to extract files from images is Autopsy. Download it, install it and have it ingest the file to find "hidden" files. Note that Autopsy is built to support disk images and other kinds of images, but not plain files.
Binwalk
Binwalk is a tool for analyzing binary files to find embedded content. It can be installed via apt and its source is on GitHub.
Useful commands:
Foremost
Another common tool to find hidden files is foremost. You can find the configuration file of foremost in /etc/foremost.conf. If you just want to search for some specific file types, uncomment them. If you don't uncomment anything, foremost will search for its default configured file types.
Scalpel
Scalpel is another tool that can be used to find and extract files embedded in a file. In this case, you will need to uncomment in the configuration file (/etc/scalpel/scalpel.conf) the file types you want it to extract.
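As an added illustration of what those foremost/scalpel configuration entries describe (this is example code, not part of the original page nor of either tool), here is a minimal header/footer carver: it scans an image for known file signatures and cuts out everything up to the matching footer, bounded by a maximum size. The signature table and the sample "disk image" are constructed for the demonstration.

```python
from dataclasses import dataclass
from pathlib import Path

# Signature table in the spirit of a foremost.conf line:
# name -> (header bytes, footer bytes, maximum carved size in bytes)
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 20_000_000),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 20_000_000),
    "pdf": (b"%PDF-", b"%%EOF", 50_000_000),
}

@dataclass
class Carved:
    kind: str     # signature name, e.g. "png"
    offset: int   # byte offset of the header inside the image
    data: bytes   # header .. footer inclusive

def carve(image: bytes, signatures=SIGNATURES):
    """Return every header/footer pair found in `image`, ordered by offset."""
    found = []
    for kind, (header, footer, max_size) in signatures.items():
        start = 0
        while (pos := image.find(header, start)) != -1:
            window = image[pos:pos + max_size]
            # Search for the footer after the header; a footer that appears
            # early (e.g. an embedded JPEG thumbnail) truncates the carve,
            # which is a known limitation of naive header/footer carving.
            end = window.find(footer, len(header))
            if end == -1:
                # No footer within max_size: treat as a false positive/truncated
                # file and keep scanning from the next byte.
                start = pos + 1
                continue
            end += len(footer)
            found.append(Carved(kind, pos, window[:end]))
            start = pos + end
    return sorted(found, key=lambda c: c.offset)

def write_carved(found, outdir):
    """Write each carved object as <offset>.<kind> (like foremost's output dir)."""
    out = Path(outdir)
    out.mkdir(parents=True, exist_ok=True)
    for c in found:
        (out / f"{c.offset:08d}.{c.kind}").write_bytes(c.data)

# Constructed sample image: filler, a tiny PNG, filler, a tiny JPEG,
# filler, and a PNG header with no footer (must NOT be carved).
SAMPLE_IMAGE = (b"\x00" * 64
                + b"\x89PNG\r\n\x1a\n" + b"fakechunks" + b"IEND\xaeB`\x82"
                + b"A" * 32
                + b"\xff\xd8\xff\xe0JFIF" + b"pixels" + b"\xff\xd9"
                + b"\x00" * 16
                + b"\x89PNG\r\n\x1a\n" + b"truncated")
```

Running `write_carved(carve(SAMPLE_IMAGE), "carved_out")` yields one .png and one .jpg file, while the footer-less PNG header near the end is skipped.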
Bulk Extractor
This tool comes inside Kali but you can find it here: https://github.com/simsong/bulk_extractor
This tool can scan an image and will extract pcaps inside it, network information (URLs, domains, IPs, MACs, mails) and more files. All you have to do is:
Navigate through all the information that the tool has gathered (passwords?), analyze the packets (read Pcaps analysis), search for weird domains (domains related to malware or non-existent ones).
PhotoRec
You can find it in https://www.cgsecurity.org/wiki/TestDisk_Download
It comes with GUI and CLI versions. You can select the file types you want PhotoRec to search for.
binvis
Check the code and the web page tool.
Features of BinVis
Visual and active structure viewer
Multiple plots for different focus points
Focusing on portions of a sample
Seeing strings and resources, in PE or ELF executables e.g.
Getting patterns for cryptanalysis on files
Spotting packer or encoder algorithms
Identify steganography by patterns
Visual binary-diffing
BinVis is a great starting point to get familiar with an unknown target in a black-boxing scenario.
Specific Data Carving Tools
FindAES
Searches for AES keys by searching for their key schedules. Able to find 128, 192, and 256 bit keys, such as those used by TrueCrypt and BitLocker.
Download here.
Complementary tools
You can use viu to see images from the terminal. You can use the Linux command line tool pdftotext to transform a PDF into text and read it.