Forensics

Concepts

Countdown

File Headers

GIFAR

Walkthrough

Mojibake

Tools

General

  • https://georgeom.net/StegOnline/checklist
  • Autopsy - Digital forensics platform
  • bulk_extractor - Scans a disk image, a file, or a directory of files
  • dc3dd - A patched version of GNU dd with added features for computer forensics
  • DumpsterDiver - Analyze big volumes of various file types in search of hardcoded secrets
  • Entropy - ent is a small, fast command line utility, plotting various entropy related metrics of files or pipe/stdin streams
  • ExifTool - Read, Write and Edit Exif metadata
  • Foremost - Restore files from their headers, footers and data structures
  • frida-extract - Frida-based RunPE extraction tool
  • Kaitai - Reverse engineer different formats of files
  • PdfParser - A standalone PHP library, provides various tools to extract data from a PDF file
  • peepdf - Powerful Python tool to analyze PDF documents
  • scalpel - Scalpel is an open source data carving tool.
  • SSTV decoder
  • volatility - Volatile memory extraction utility framework
  • whatsapp-viewer - Small tool to display chats from the Android msgstore.db database
  • zwfp - Zero-Width fingerprinting

Passwords

  • BEWGor - Bull's Eye Wordlist Generator
  • bruteforce-wallet - Try to find the password of an encrypted Peercoin (or Bitcoin, Litecoin, etc...) wallet file
  • chntpw - Utility to reset the password on Windows
  • chromepass - View passwords stored by Google Chrome Web browser
  • crowbar - Brute forcing tool
  • cupp - Common User Passwords Profiler
  • hashcat - Advanced Password Recovery
    • Hob0Rules - Password cracking rules for Hashcat based on statistics and industry patterns
  • John the Ripper - A fast password cracker
  • John tutorial
  • Another John tutorial
  • KON-BOOT - Win/Mac password breaker
  • LaZagne - Credentials recovery project
  • mimikatz - A little tool to play with Windows security
  • passwordfox - Extract the user names/passwords stored in Firefox
  • RarCrack - Crack .rar passwords
  • SSH-Brute-Forcer - A Simple Multi-Threaded SSH Brute Forcer
  • thc-hydra - Parallelized login cracker which supports numerous protocols to attack
  • WCE - Windows Credentials Editor

Printing

Steganography