收集一些取证的小知识
取证工具
[转载-收集]
取证工具: https://github.com/volatilityfoundation/volatility https://www.mandiant.com/resources/download/redline http://cert.at/downloads/software/densityscout_en.html http://rjhansen.github.io/nsrllookup/ https://github.com/dkovar/anal https://www.e-fense.com/store/index.php?_a=viewProd&productId=14 http://www.volatilityfoundation.org/#!24/c12wa https://github.com/sleuthkit/sleuthkit/tree/develop/man
一些文档
[转载-收集]
文档: http://www.freebuf.com/articles/system/26763.html http://drops.wooyun.org/papers/2854 http://www.forensicswiki.org/wiki/Tools%3aMemory_Imaging#Linux http://technet.microsoft.com/en-us/sysinternals/bb897441.aspx http://betanews.com/2013/10/28/check-unsigned-files-at-virustotal-with-sysinternals-sigcheck/ http://staff.washington.edu/dittrich/misc/forensics/
1.Linux下dump(dd命令)内存不成功?
Linux Kernel 2.6.x某个版本后开始对内存访问做了保护,无法dump出完整内存.可使用第三方工具Lime / fmem等来dump内存.
扫一扫
1818
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
