Well, since the last time I posted, my time has been spent looking at better applications for doing forensic analysis. I have read a couple of articles on The Coroner's Toolkit (http://www.sans.org/reading_room/whitepapers/incident/the_coroners_toolkit_in_depth_651?show=651.php&cat=incident, http://www.giac.org/certified_professionals/practicals/gsec/0325.php). Since some of the data recovered, described in my last post, was corrupted, using Lazarus piqued my interest. Now, I have TCT installed on a machine at work, but have not yet tried to use it.
My next goal is to use a technique for hiding data on the disk, then to see if TCT or the Sleuth Kit can find it. Oh, and by the way, I found the Sleuth Kit at some point and am eager to try it out! The information hiding technique is Hiding Data with HPA. I need to gain a better understanding of how to hide data as well as how to use my tools. As the saying goes, the carpenter is only as good as his tools.
To be continued...