Introduction

The help of digital forensic investigators is called upon more and more often. Examining PCs, networks, mobile phones and related media requires in-depth knowledge. Besides this knowledge, the tools for recovering particular data and the interpretation of that data are very important. This blog will try to offer solutions to help with digital investigations. Various tools will be reviewed, interesting articles will be explored in more depth, and links to other forensic sites and supporting manuals will be covered.

Thursday, 27 December 2007

Challenge yourself...

Everybody goes on about reading. Yes, reading articles is important, but it is much better if you try to find it out yourself through experiments. You may find something nobody has discovered yet, because you didn't just follow what somebody wrote and you approached it with an open mind.

"take the stairs instead of the elevator"

It's a metaphorical statement for finding something out. If you enter a building and need to go up, you look for the stairs or the elevator. Imagine that as you learn, you rise up.

You could take the elevator. This will take you up the quickest. All you have to do is find the right one and push a button. However, you may miss something in your apparently rapid ascent and not understand how you got there.

The alternative is the stairs. It will take you longer to get there and will require more time and effort. However, each step will build on the previous ones, giving you a solid foundation for higher levels. You may also notice some interesting things on the way.

There is another way. Do not rise; let the rise descend to you. This can be done by changing your reality so that you believe you are further up. If you believe it strongly enough, it will "appear" to be no different from actually being there. If you can also change nearby entities' realities, then they will think you are on their level. However, it is a pretence and could be adverse if sustained over time. There is no substitute for true first-person experience.

Thus the "mini challenges" were formed: simple and not so simple tasks for you to try. There is no race or rank and you are not graded on how you do. It is up to you to do the best you can.

The challenges

Use a resource hacker to modify an image and a text string of a program.

Save a file to your hard drive, delete it (also from the recycle bin) using Windows (not a secure third-party delete) and then recover it using an undelete program or a hex editor.

Set up a test web server to be accessed either on your local network or over the internet; include FTP/SSH for user account upload. Set up .htaccess on a folder. Run a server-side script such as ASP/PHP/Perl.

Install a (smallish) program and record all of its file and registry entries and modifications.

Try out a different shell for your operating system.

Set up a 2kpro box (no other bootable partitions or boot.ini edits) with NTFS and the BIOS (password protected) set to boot from the hard drive. Set a (short) admin password and shut down. Get local admin access without using your memory of the password. Find out what the password was.

Back up a DVD and a CD you own to DivX (audio/video synced) and MP3 respectively.

Make a usable crosslinked piece of network cable.

Hide a file or some data (at least 512 KB) somewhere on your hard drive.

Crack a (shortish) DES/MD5 password with John the Ripper.

Check your email (not webmail) and send a message using telnet.

Use a packet capturing program to see what information is exchanged when you connect to a website and when you check your email.

Install and use PGP and exchange signed/encrypted email with a friend.

Find out the manufacturers, model numbers and main specifications of the major components in your computer.

Sign up for a shell account and try out some of the services.

Send a spoofed ARP reply to a remote computer.

Do a trace on a domain name: find the IP, find out all the connections to get there, who it is hosted by, who it was registered by and under which accredited registrar.

Compile some code into an exe, either written by you or by somebody else. If the latter, modify the code slightly to add, remove or optimize a feature.

Connect to an IRC server and learn to use at least 10 /commands.

Write a couple of HTML or WAP web pages, including images, using a text editor. If HTML, include the style and script tags.

Browse the internet using one or more proxies.

Use nmap (NT) to do a scan on a remote computer.

Install a rule-based firewall, delete all the default rules and write your own. Test your security with an online scanner and/or local network scans.

Install a Linux distro either on a clean disk or as a dual boot.
