Hacking Articles

Hacking Articles Part 21

Kali Linux – Forensic Tools

[Disclaimer: The content of this article is for educational purposes only. It was written to help readers test their skills on using computers and/or Kali Linux and share knowledge about Kali Linux to the users. The writer of this article/guide take no responsibility for actions resulting from the inappropriate usage of informations contained of this article/guide.]

We got so far now guys, only 10 hacking articles was left and hopefully you will learn something from these 10 left articles, hacking articles was made to share my knowledge to you guys and don't forget that this is not the end, after hacking articles, I will make more article/guide or article series.

p0f

-it is a tool that can identify the operating system of a target host by examining captured packets even when the device in question is behind a packet firewall. It does not generate additional network traffic, direct or indirect; no name lookups; no mysterious probes; no ARIN queries; nothing. When you are an advanced user, you can use p0f to detect firewall presence, NAT use, and existence of load balancers.

Just type "p0f -h" in the terminal to see how to use it and you can get the following results

-i iface will list even the available interfaces like in the following screenshots.

Then type "p0f -I eth0 -p -o filename"

The parameter "-i" is the interface name as shown in the screenshot. "-p" means it is in promiscuous mode. "o" means the output will be saved in a file.

Then open a webpage with the address 192.168.1.2 and results will show the webserver and the Operating system of the available interface.

pdf-parser

-It is a tool that parses a PDF Document to identify the fundamental elements used in the analyzed pdf file. But tis one will not render a PDF Document and it is not recommended for text book case for PDF parsers. This was usually used for PDF files that suspected to have a script that was embedded in it.

The command to run this was "pdf-parser -o 10 filepath" where the parameter "-o" is the number of objects.

Dumpzilla

-*sounds like Godzilla, right? Haha" Dumpzilla is developed in Phython 3.x and has as a purpose to extract all forensic interesting information of Firefox, Iceweasel, and Seamonkey browsers to be analyzed.

ddrescue

-This one copies the data from one file or block drive to another, trying to rescue the good parts first in case of read errors. Its basic operations is fully automatic so you don't have to wait for an error, stop the program, restart it from a new position, etc.

The command line that you will use is:

dd_rescue infilepath outfilepath

where parameter "-v" means verbose. "/dev/sdb" is the folder to be rescued. The img file is the recovered image.

DEF

-It was used to recover the files and it has a GUI too. To open this one, type "dff-gui" in the terminal and the following GUI will open.

Step 1: Click File -> "Open Device"

Step 2: Check "Raw Format"

Step 3: Click "+" and choose the file you want to recover.

Step 4: Then Click "OK"

Then you can browse the files on the left of the pane to see what has been recovered.

The time was so fast so I need to type this fast too, I dont have that much time to do some articles because I am so busy right now but for all of you guys, I continued to type and finish this articles, I hope you learn something today about Kali Linux and Forensic tools and don't forget to follow and subscribe for more articles to come in this group page.