stephensottosanti
2021-03-07 22:35:47 -06:00
parent 565bb1efc2
commit 235e5204f5
4 changed files with 14 additions and 2 deletions

Binary image file not shown (size after: 47 KiB).


@@ -12,7 +12,7 @@ Crimson Defense was established with three main goals in mind:<br>
DISCLAIMER: Using security techniques with malicious intent will result in your removal from Crimson Defense. If applicable, you will be reported to the appropriate authorities. Do not abuse your power, WE ARE NOT A HACKTIVIST GROUP.
<p align="center">
<img width="450px" src="00_Archive/images/CD main logo-01.png" alt="Logo"/>
<img width="450px" src="/00_Archive/images/CD main logo-01.png" alt="Logo"/>
</p>
<br>
<b>Email:</b> crimsonCyberDefense@gmail.com <br>
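Review bot: the new `src="/00_Archive/images/CD main logo-01.png"` is root-relative, so it only resolves where the renderer maps `/` to the repository root; in a local preview or on any other host it points at the site root and the logo will not load. The file name also carries unencoded spaces, which some renderers will not resolve. Consider renaming the asset without spaces (or writing `%20`), and settle on one path convention for the repository: the other file touched in this commit still references `00_Archive/images/CD main logo-01.png` without the leading slash and embeds its screenshot through a full github.com URL.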


@@ -6,4 +6,16 @@ One of the more common activities in digital forensics is the recovery of delete
Below is a screenshot of the output of the Sleuth Kit file listing tool (fls) which shows two files that have been “deleted” by the user but are still recoverable. The ability to recover and save what was previously thought to be deleted files can be very valuable in an investigation. <br>
<p align="center">
<img width="350px" src="fileanalysis.png" alt="Logo"/>
</p>
![File Analysis](https://github.com/crimsonDefense/CyberSecurityClub/blob/main/00_Archive/images/fileanalysis.png?raw=true) <br>
Specifically, when looking at the analysis of files, an investigator needs to start with the file header. File headers are information about a file that the computer stores so that it knows what type of file it is. Typically, file headers are stored in the first 4 or 5 bytes of a file. By using the hexdump tool, the hexadecimal version of a file can be viewed. Hexdump is available on most Linux distributions and there are many Windows interfaces to Hexdump (ex. https://sourceforge.net/projects/hexdump/). <br>
One of the more interesting items that occur during an investigation is when a suspect tries to disguise a file by changing an incriminating files signature. Having a good understanding of file signatures is important. Below is an exert from a larger list of file signatures of the more common files seen during investigations. A larger list can be seen at the following location: https://en.wikipedia.org/wiki/List_of_file_signatures <br>
<p align="center">
<img width="450px" src="00_Archive/images/CD main logo-01.png" alt="Logo"/>
</p>
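Review bot: the last paragraph says "Below is an exert from a larger list of file signatures", but the only thing that follows in this hunk is the club logo, so the promised list is missing; add the excerpt (signature bytes beside file type) or drop the sentence. In the same paragraphs, "exert" should be "excerpt" and "an incriminating files signature" should be "file's signature". "Typically, file headers are stored in the first 4 or 5 bytes of a file" reads as a rule, while the Wikipedia list linked here includes signatures of other lengths and at non-zero offsets, so wording such as "usually at the start of the file" would be safer for readers who later compare hexdump output against that list. On the images: `src="fileanalysis.png"` and the `![File Analysis](...)` line point at the same screenshot, so keep only one, and the `<img>` for it has `alt="Logo"`, which does not describe fls output. The markdown image hardcodes `github.com/.../blob/main/...?raw=true`, which breaks on a fork or branch rename; a repository-relative path would be more robust. The logo `src` here has no leading slash, unlike the path the first file in this commit was just changed to.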


Binary image file changed (size before: 414 KiB, size after: 414 KiB).