Lernkarten

Karten 7 Karten
Lernende 0 Lernende
Sprache English
Stufe Universität
Erstellt / Aktualisiert 20.06.2019 / 20.06.2019
Lizenzierung Keine Angabe
Weblink
Einbinden
0 Exakte Antworten 7 Text Antworten 0 Multiple Choice Antworten
Fenster schliessen

What are the advantages of FOSS (free and open source software) forensics?

Advantages:

  • No license fees or usage cost
  • Transparency, can review source code
  • Can modify / fix (you have the source)
  • Scripting and automation
  • good for learning and research
  • community support can be great

Disadvantages

  • community support can be horrible
  • not good compatibility with proprietary file formats
  • Not always easy to use (lots of command line)
  • Poor documentation
  • Volunteers projects might be abandoned
  • No guarantee "as is", "use at your own risk"
Fenster schliessen

what are some of the common shells used today and what can you do in the shell?

Common shells used today:

  • bash - most popular
  • zsh - highly customizable
  • ksh, csh, Bourne(sh) - more traditional UNIX
  • busybox - emergency shell

You can do a lot in a shell:

  • execute user commands or shell scripts
  • manage files, processes
  • network and system administration
  • terminal based applications
  • many GUI programs are just shell frontends

 

Fenster schliessen

Name 3 file descriptors.

  • stdin - input (0), data into a program
  • stdout - output (1), data from a program
  • stderr - error (2), error/debug data from a program
Fenster schliessen

name 4 commands which can be used to pipe data into and out of a program.

  • ">" send data from a program to a file (create file if needed)
  • ">>" append data from a program to a file (create if needed)
  • "<" send data from a file to a program
  • "|" send data from a program to a program
Fenster schliessen

Name 4 different commands to list hardware

  • lsusb - displaying information about USB busses in the system and the devices connected to them.
  • lspci - displays information about the PCI busses in the system and the devices connected to them.
  • lshw (lshw -businfo) - is a small to to extract detailed information on the hardware configuration of the system
  • lsblk - lists information about all available or the specified block devices.

A block device is a computer data storage device that supports reading and (optionally) wtriting data in fixed-size blocks, sectors, or clusters.

Fenster schliessen

What devices can be found in /dev ?

  • SATA and SCSI are /dev/sda, /dev/sdb, /dev/sdc, ...
  • NVME is  /dev/nvme0n1, /dev/nvme1n1, ...
  • MMC caards are /dev/mmcblk0, /dev/mmcblk1, ...
  • Tapes are /dev/st0, /dev/nst0, /dev/st1

Partitions are added to the raw device name

  • /dev/sda1, /dev/sda2, ...
Fenster schliessen

What tools can be used for digital forensics? (type of tools not specific names)

  • forensic acquisition/analysis developed tools (like TSK)
  • troubleshooting and diagnostic tools
  • hacking and pentest tools
  • tools for repairing corrupt files
  • tools for extracting or convertiong data
  • tools for debugging and tracing code
  • tools for disassembly and decompiling code
  • tools for searching (grep)