Questions tagged [forensics]
The forensics tag has no summary.
70 questions
0 votes, 0 answers, 31 views
How can I determine CUDA update version based on installed toolkit files?
I've installed some version of the CUDA toolkit to /usr/local/cuda. Suppose I don't have access to any information about the system, like activity logs, package management state and such - I'm only ...
1 vote, 0 answers, 304 views
Calculating the block offset
I need to overwrite certain files in a raw disk image without modifying the disk image too much. Ideally, only certain strings should be overwritten, but this will probably not be possible. That is ...
0 votes, 0 answers, 1k views
Searching strings in raw disk image
I am currently writing a tool that should scan a read-only raw disk image for a given pattern.
The task is to get the byte offset of the match.
I am able to find simple text documents with
grep -a -o ...
2 votes, 1 answer, 692 views
Tracing actions by user on a shared SSH key access
Imagine we have a shared SSH key/(username & password) between two users. We call them Bob and Alice.
Bob has connected to the server and has executed some chain of commands that led to the ...
0 votes, 1 answer, 147 views
RabbitMQ, SCP in Linux dropping connections
In GNU/Linux I have an issue with an application I have made.
It works in my development environment, most of the components running in dockers or natively, but it randomly (often, but not always) ...
1 vote, 1 answer, 10k views
Fix/Repair Can't find a SQUASHFS superblock
I have an old filesystem backup that I made and compressed into a squashfs. It was stored on an ext4 filesystem, and I suspect it suffered from some bitrot. I don't have a backup of the file. Is there ...
0 votes, 1 answer, 124 views
Why does drive image show different start partition free size?
I made an image of /dev/sdc. The free space before the first partition isn't reporting the same byte sizes, but why?
The start position is reported as 1024B on the drive and 16384B on the image?
# ...
1 vote, 1 answer, 1k views
LUKS-LVM partition resize problems
I have a concerning adventure while trying to resize (shrink) my LUKS LVM partition. I wanted to shrink my partition so that I can easily copy my system to a new smaller sized drive. Before I started ...
-1 votes, 1 answer, 2k views
How to recover accidentally deleted files from RedHat file server
One of my friends accidentally deleted all files (jpg and pdf) from a file server by using the rm -rf command. Is there a way to recover those files with actual file names?
Key points -
there is no backups ...
1 vote, 1 answer, 753 views
full read-only mount setting for BTRFS
I need to mount a BTRFS partition in 100% read-only mode, i.e. no hidden writes onto the disk whatsoever. The "ro" setting is not enough.
I tried some settings. The settings "ro,...
0 votes, 0 answers, 614 views
Recover files from accidentally formatted NTFS dd image by Magic Bytes?
I have a dd image of a partition that once had a Windows 10 NTFS filesystem and then got accidentally formatted (or so I assume) and now has a pretty empty NTFS with only an empty Windows directory ...
0 votes, 2 answers, 503 views
If files are copied from a first volume to a second volume, will the files stay the same?
When I connect the external hard drives to my computer (with FreeBSD or other Unix systems) and copy files from the first external hard drive to the second hard drive, are the files on the second hard ...
3 votes, 4 answers, 1k views
Find pattern on multiple lines within BIG log files
To investigate within logs, I am trying to find the very first time a vulnerability in a workflow has been exploited.
The pattern is on multiple lines.
The pattern would be
AAAAAAAAA
BBBBBBBBB
...
0 votes, 0 answers, 2k views
Detect Brute Force Attack in auth.log
I'm very new to Linux forensics and I'm analyzing an infected Linux image.
Main question:
How did the hacker get access to the system?
The auth.log file is full of automated brute force attack with ...
2 votes, 2 answers, 2k views
What is the equivalent of autoruns tool in Linux for finding suspicious startup executables?
In Windows, the Autoruns tool is a really helpful tool for forensic investigators to help them find suspicious startup executables and filter the benign ones.
But I couldn't find anything good like this in ...