Digital Forensics - recovering deleted files from a hard drive


Author: John Cohen



Many of my fellow detectives run into digital problems and ask for my help in finding evidence on their subjects' hard disks. There are cases in which the subject under investigation deletes compromising pictures from a USB stick, and then they need a specialist like me to find the PDF, JPEG, Word, Excel, etc. files. Other organizations need to find evidence in defense of their cause, and then they need our firm to find things that should not be on that device...

In the case of my experiment, I used a 1 GB stick that had been wiped 6 times using software dedicated to such operations. As can be seen in the videos, the stick is 100% empty. It has no files on it, everything was deleted, and yet I managed to recover everything that had been deleted.

To see the state of the drives we have to use the command `fdisk -l`.

<h4 class="text-center">RecoverJPEG</h4>

Video: https://www.youtube.com/embed/p7zSqN9UA6E

In the first experiment I managed to recover the pictures from this stick. I even managed to surprise myself, because I was sure I would not be able to recover anything anymore, even though I had run that wiping software beforehand. I used the command `recoverjpeg /dev/sdb1`. Recoverjpeg is the program used, and `/dev/sdb1` is the source to be scanned, in our case the M1 stick.
<h4 class="text-center">Foremost</h4>

Video: https://www.youtube.com/embed/aTT9KvZ49eQ

The command `foremost -t all -v -i /dev/sdb1 -o /root/Desktop/recover` tells the foremost tool to scan the M1 stick for all file types, show their names and metadata, and save everything it finds in a folder on the Desktop named recover.

<h4 class="text-center">DCFLDD</h4>

It is possible that, by accessing the drive we are analyzing, we somehow damage its memory or even overwrite something, ultimately altering the device. To avoid affecting or changing it, it is simpler to create an image of it, which we then analyze. In our case `image.dd` becomes the image of this device. Dcfldd helps us do exactly this, creating the image of M1.

```bash
cd /root/Desktop
# Copy the partition into an image file (the copy is made twice, as .dd and as .img)
dcfldd if=/dev/sdb1 of=image.dd
dcfldd if=/dev/sdb1 of=image.img
# Carve from the image instead of from the device itself
foremost -t all -v -i /root/Desktop/image.dd -o /root/Desktop/recover1
```

Video: https://www.youtube.com/embed/_UyNdaBO2mU

<h4 class="text-center">Scalpel</h4>

In my view, Scalpel offers a much more thorough analysis than you can do with Foremost, so I invite you to watch the video with the steps to follow.
```bash
cd /etc/scalpel && ls
# Edit the configuration file to choose which file types to carve
nano scalpel.conf
# Run scalpel against the image and write the results to a new folder
scalpel /root/Desktop/image.dd -o /root/Desktop/scalpel
```

In the configuration file we choose which file types we want to see by uncommenting the corresponding lines (the ones commented out with `#`, as in Python).

Video: https://www.youtube.com/embed/EfZNWC-SqF8
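What the carving tools above do with `image.dd`, and why analyzing the image leaves the evidence untouched, shown as an added Python example (not code from the original article or from foremost/scalpel). The function names, the `MAX_SIZE` cap and the sample image bytes are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile

JPEG_HEADER = b"\xff\xd8\xff"   # SOI marker followed by the first byte of the next marker
JPEG_FOOTER = b"\xff\xd9"       # EOI marker
MAX_SIZE = 10 * 1024 * 1024     # assumed upper bound for one carved file

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def carve_jpegs(image_path, out_dir):
    """Write every header..footer span to out_dir; return [(offset, length)]."""
    with open(image_path, "rb") as f:        # the image is only ever opened read-only
        data = f.read()                      # fine for a 1 GB stick; use mmap for larger media
    found, pos = [], 0
    while (start := data.find(JPEG_HEADER, pos)) != -1:
        end = data.find(JPEG_FOOTER, start + len(JPEG_HEADER), start + MAX_SIZE)
        if end == -1:                        # header with no footer inside the cap: skip it
            pos = start + 1
            continue
        end += len(JPEG_FOOTER)
        with open(os.path.join(out_dir, f"{start:08d}.jpg"), "wb") as out:
            out.write(data[start:end])
        found.append((start, end - start))
        pos = end
    return found

def demo():
    # Constructed sample: zeroed space, one complete fake JPEG, one truncated header.
    fake_jpeg = JPEG_HEADER + b"\xe0" + b"constructed-pixels" + JPEG_FOOTER
    image = (b"\x00" * 512 + fake_jpeg + b"\x00" * 100
             + JPEG_HEADER + b"\xe0truncated" + b"\x00" * 50)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "image.dd")
        with open(path, "wb") as f:
            f.write(image)
        before = sha256_file(path)           # record the hash before analysis
        hits = carve_jpegs(path, tmp)
        return hits, sha256_file(path) == before   # hash must be unchanged afterwards

if __name__ == "__main__":
    print(demo())
```

Stopping at the first footer can cut a real JPEG short when it embeds a thumbnail with its own end marker, and a file stored in non-contiguous fragments cannot be reassembled by header/footer matching alone.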


COHEN INVESTIGATIONS AGENCY SRL
Ilfov, Romania
Phone: 0771.060.860.
Site: www.cohen.ro 