frankwxu / digital-forensics-lab
Free hands-on digital forensics labs for students and faculty
Home Page: https://github.com/frankwxu/digital-forensics-lab
License: Other
analyzeMFT is no longer maintained https://github.com/dkovar/analyzeMFT/blob/master/README.txt
and has several known shortcomings rowingdude/analyzeMFT#56
I strongly recommend to stop using it
We can't download Disk_Image_ID-20210327, it reaches 8 GB from 30 GB and the download terminates.
Help to download disk image for lab work P2P_Leakage
https://github.com/frankwxu/digital-forensics-lab/tree/main?tab=readme-ov-file#investigating-p2p-data-leakage
I don't know if LibreOffice for Linux has problems displaying the PPT files correctly...
The command
```
fls -F -d -r -o 206848 cfreds_2015_data_leakage_pc.dd|grep -P '\.pf' --color
```
is hidden below an image.
Hi,
I've observed that the muicache sample on slide NIST_Data_Leakage_01_Registry_Correction.pptx uses the wrong inode number. (Slide 52, last page).
Would it be correct like the following?
```
┌──(root㉿forensiclinux)-[/FORENSIC/lab_data_leaks_Win]
└─# fls -rF -o 206848 cfreds_2015_data_leakage_pc.dd|grep -i usrclass.dat$
r/r 63765-128-3: Users/admin11/AppData/Local/Microsoft/Windows/UsrClass.dat
r/r 13929-128-3: Users/informant/AppData/Local/Microsoft/Windows/UsrClass.dat
r/r 70107-128-3: Users/temporary/AppData/Local/Microsoft/Windows/UsrClass.dat
┌──(root㉿forensiclinux)-[/FORENSIC/lab_data_leaks_Win]
└─# icat -o 206848 cfreds_2015_data_leakage_pc.dd 13929 > usrclass_informant.dat
┌──(root㉿forensiclinux)-[/FORENSIC/lab_data_leaks_Win]
└─# rip.pl -r usrclass_informant.dat -p muicache
Launching muicache v.20200525
muicache v.20200525
(NTUSER.DAT,USRCLASS.DAT) Gets EXEs from user's MUICache key
Software\Microsoft\Windows\ShellNoRoam\MUICache not found.
Local Settings\Software\Microsoft\Windows\Shell\MUICache
LastWrite Time 2015-03-25 15:29:12Z
C:\Windows\system32\WFS.exe (Microsoft Windows Fax and Scan)
C:\Program Files\Internet Explorer\iexplore.exe (Internet Explorer)
C:\Users\informant\Desktop\Download\IE11-Windows6.1-x64-en-us.exe (Internet Explorer 11 Setup utility)
C:\Windows\System32\xpsrchvw.exe (XPS Viewer)
```
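The inode lookup from the issue above as a scripted check, so the MFT entry is tied to the user name rather than copied by hand. This is an added example, not part of the original issue or the lab material; the function names `usrclass_inode` and `extract_cmd` are hypothetical, and the sample input reuses the three `fls` lines quoted above plus one constructed deleted entry.

```shell
#!/bin/sh
# Added example: resolve a user's UsrClass.dat MFT entry from `fls -rF` output.

# Sample input: the three fls lines quoted in the issue, plus one constructed
# deleted entry ("*") to show that unallocated matches are ignored.
sample_fls() {
cat <<'EOF'
r/r 63765-128-3: Users/admin11/AppData/Local/Microsoft/Windows/UsrClass.dat
r/r 13929-128-3: Users/informant/AppData/Local/Microsoft/Windows/UsrClass.dat
r/r * 70200-128-3(realloc): Users/informant/AppData/Local/Microsoft/Windows/UsrClass.dat
r/r 70107-128-3: Users/temporary/AppData/Local/Microsoft/Windows/UsrClass.dat
EOF
}

# usrclass_inode USER  (fls lines on stdin)
# Prints the MFT entry number; fails unless exactly one allocated file matches.
usrclass_inode() {
    awk -v user="$1" '
        $2 == "*" { next }                      # skip deleted entries
        {
            meta = $2; sub(/:$/, "", meta)      # "13929-128-3"
            path = $0; sub(/^[^:]*:[ \t]+/, "", path)
            want = "users/" tolower(user) "/appdata/local/microsoft/windows/usrclass.dat"
            if (tolower(path) == want) {
                split(meta, part, "-")          # entry-attrtype-attrid
                print part[1]
                found++
            }
        }
        END { exit (found == 1 ? 0 : 1) }'
}

# extract_cmd USER IMAGE OFFSET  (fls lines on stdin)
# Prints the icat command for review instead of running it.
extract_cmd() {
    inode=$(usrclass_inode "$1") || {
        echo "no unique allocated UsrClass.dat for user '$1'" >&2
        return 1
    }
    printf 'icat -o %s %s %s > usrclass_%s.dat\n' "$3" "$2" "$inode" "$1"
}

sample_fls | extract_cmd informant cfreds_2015_data_leakage_pc.dd 206848
```

Against the real image, pipe the listing in place of the sample: `fls -rF -o 206848 cfreds_2015_data_leakage_pc.dd | extract_cmd informant cfreds_2015_data_leakage_pc.dd 206848`.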
I am able to access the webpage but I cannot download via firefox or wget. Please help.
I'm wondering if this is misspelt on purpose just to annoy me.
Thanks
The links within the PPT slide of "Lab 0" don't provide valid 7z images. The link to the original NIST data files is hidden below an image with the link to some Dropbox files. The original case study files should be used instead:
Please update your PPT files. Thank you.
Here is the image creation failure of your files:
```
└─$ ls -l
insgesamt 6291480
-rw-r--r-- 1 kali kali 2147483648 23. Feb 15:32 cfreds_2015_data_leakage_pc.7z.001
-rw-r--r-- 1 kali kali 2147483648 23. Feb 15:58 cfreds_2015_data_leakage_pc.7z.002
-rw-r--r-- 1 kali kali 2147483648 23. Feb 16:28 cfreds_2015_data_leakage_pc.7z.003
└─$ 7z e cfreds_2015_data_leakage_pc.7z.001
7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=de_DE.UTF-8,Utf16=on,HugeFiles=on,64 bits,4 CPUs Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz (306A9),ASM,AES-NI)
Scanning the drive for archives:
1 file, 2147483648 bytes (2048 MiB)
Extracting archive: cfreds_2015_data_leakage_pc.7z.001
ERROR: cfreds_2015_data_leakage_pc.7z.001
cfreds_2015_data_leakage_pc.7z
Open ERROR: Can not open the file as [7z] archive
ERRORS:
Headers Error
WARNINGS:
There are data after the end of archive
Can't open as archive: 1
Files: 0
Size: 0
Compressed: 0
```
Slide p. 40: RegRipper binary can be downloaded from Kali's Git repository: https://gitlab.com/kalilinux/packages/regripper with git.
The advantage is that more plugins are available.
This is how I did it:
```
# Create folder for Kali tools in ~/lab
mkdir ~/lab/kali-tools
# Change directory
cd ~/lab/kali-tools
# Clone RegRipper
git clone https://gitlab.com/kalilinux/packages/regripper.git
# Make perl scripts executable
sudo chmod u+x regripper/rip.pl regripper/plugins/*.pl
# Create alias for 'rip.pl'
# temporarily
alias rip.pl='perl ~/lab/kali-tools/regripper/rip.pl'
# If you want to change the alias permanently add the command to your .bashrc file and source it.
# Test the command by entering 'rip.pl'
```
Regards,
ela
The link to the Echo Show image is no longer active:
https://miya.teracloud.jp/share/11d194c7357b5632
FYI note that the libpff version number is a single number, e.g. 20211114, not "01.17.2021"
-- | -- | --
libpff | 01.17.2021 | https://github.com/libyal/libpff
Please fix your README