Digital Forensics, Incident Response and Linux Ramblings
This is a short post covering the topic of manual data carving on Linux systems. Following a brief explanation of the topic itself, I focus on using a command-line tool called xxd to manually specify the start and end offsets of the content I wish to ‘carve’ out of the target data stream.
This post will be focusing on the usage of the Linux tool ‘dd’ in the forensic imaging process, along with two other tools that have been directly derived from dd and one which is similar in functionality. In addition, this post briefly covers the issue of data completeness when preparing to forensically acquire a device.
This post will be covering the use of the Android Debug Bridge (ADB) command-line tool on Linux. Focusing on the extraction of forensically relevant data from mobile devices packaged with the Android Operating System developed by Google.
In this post, I am going to be taking a closer look at the artifacts associated with the popular text-editor software known as ‘Vim’ to see if they have any forensic relevance when conducting a forensic investigation on a machine it has been installed on.
This is a quick post to say that I have recently created a command-line tool written in Bash called ‘HexConv‘. The script will take a hexadecimal string and convert it into its ASCII, Decimal and Binary equivalents.
In this post I am going to mess around with using an open-source tool for Linux called FreeRDP to gather information from a Windows machine running Remote Desktop Protocol (RDP) that may assist in an Incident Response scenario.