Summerschool Aachen 2004/Incident Research Lab

From C4 Wiki
Jump to: navigation, search

Notes on Presentations

Notes on Lab Session

Debian packages you might find usefull

You might want to look into the following tools:

  • graverobber - grab important data from system
  • ddrescue - spiced up dd
  • sleuthkit, autopsy - forensic toolkit (includes inode cat, ...)
  • fcrackzip - zip password cracker
  • nasm - netwide disasembler
  • e2undel - undelete for ext2
  • ntfstools - undelete for ntfs
  • bview - nice hex editor, vim-like
  • bsdmainutils (includes hd), or vim (includes xxd)