Darksat IT Security Forums
January 12, 2026, 05:18:41 pm
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Darksat IT Security Forum
From Firewall Support, AntiVirus Questions, Spyware problems, Linux and Windows Security, Black Hat SEO right down to Website Design and Multimedia
 
  Home Help Search Gallery Links Staff List Login Register  

Data Recovery using Autopsy / TOR / BackTrack & FCCU Forensic

Pages: [1] 2 3 4
« previous next »
  Print  
Author Topic: Data Recovery using Autopsy / TOR / BackTrack & FCCU Forensic  (Read 8807 times)
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« on: March 29, 2008, 10:29:55 am »

* This is not my work, I do not take credit for it *

Click the link below to download the PDF File, its 10.9MB.

Data Recovery using Autopsy / TOR / BackTrack & FCCU Forensic Tutorial

The Author of Autopsy can be found at the following website [link goes to Document section of Autopsy]: Sleuthkit.Org

Data Recovery: DD & DDRescue - Taken from Cyberciti.biz

[COLOR="Red"]Video Linkage:[/COLOR][/u]
Disecting the Sub7 file using Autopsy & Air
Quality: Bad Video, Audio could be useful for some || There IS a version of this file somewhere that is of good quality
Duration: 8mins 10secs
Reference: video.google.com

Intro To DD and Autopsy By Williamc and Twinvega
Quality: Excellent Video and Audio/Narration
Duration: 4-5mins
Reference: IronGeek.com
Report Spam   Logged

Share on Bluesky Share on Facebook

Defcon 5
Master
*****
Posts: 2410



View Profile WWW
« Reply #1 on: March 29, 2008, 02:15:01 pm »
I love it when people say you cant find data on RAM because its volatile Grin.
I think I actually have slauth kit on cd somewhere.
Report Spam   Logged
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« Reply #2 on: March 30, 2008, 07:14:17 am »
Good reason to boot up a copy of unreal tournament, thats very good for cleaning ram.
Report Spam   Logged
Joygasm
Expert
****
Posts: 123



View Profile
« Reply #3 on: April 16, 2008, 10:35:19 am »
Hah, that's awesome DS :p Did I show you guys the write-up about this team at I believe Princeton, pulled the info off some ram, to grab the EFS key to get info off the EFS protected drive? Was funny watching them spray "Blow-off" turned upside down, all over the laptops ram :p
Report Spam   Logged
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« Reply #4 on: April 16, 2008, 11:27:07 am »
You didnt, post the link if you still have it.
Report Spam   Logged
Joygasm
Expert
****
Posts: 123



View Profile
« Reply #5 on: April 16, 2008, 11:37:35 am »
Ah there it is: http://citp.princeton.edu/memory/
Was pretty sweet. We had to do some research on using this technique. Not very viable, to grab info from a desktop pc that you can't grab and run with, but great for a laptop that was picked up.
Report Spam   Logged
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« Reply #6 on: April 16, 2008, 12:57:22 pm »
Quote
Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.
Boot unreal tournament and play for 60 seconds, or use some other ram intensive app before shut down after using encryption.
Report Spam   Logged
Joygasm
Expert
****
Posts: 123



View Profile
« Reply #7 on: April 16, 2008, 02:47:44 pm »
True, but if a laptop is stolen, all they have to do is restart the comp, freeze the ram while it's at login screen, and pull the key off, and they are good to go :/
Report Spam   Logged
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« Reply #8 on: April 19, 2008, 03:44:58 am »
Assuming that you were just using the encryption before it was stolen and have not used any ram intensive apps that have overwritten the data since then.
Report Spam   Logged
warscar
Master
*****
Posts: 256668


View Profile
« Reply #9 on: May 11, 2021, 04:41:13 pm »
Huh?294.7Huh?CHAPHuh?Huh?PeteHuh?VestACTIHuh?ElseAtla(196Huh?Huh?ErneHuh?Huh?ChriHuh?Huh?Huh?
CharBistHuh?FiskEsseAdvaExpeHuh?Huh?NiveHuh?Huh?Huh?EmotGillSaltPalePaleHuh?EdmoHuh?GarnBeau
9043Huh?RichHuh?Huh?NighIntrLuxoCoolJeweHuh?FranVoguHuh?AgatNikigunmHuh?FallFourQueeHuh?Huh?
FourBlueBuzzStev??-7Huh?ElecSwarJohnChriHuh?Huh?Huh?diamZoneHuh?ZoneHuh?Seik??-3Huh?Blac03-1
GeorYolaRyszHuh?Huh?RajnXVIIXVIIHuh?DolbHuh?Huh?Huh?Huh?Huh?Huh?ErleHuskDOOMBelaHuh?Huh?Huh?
Huh?q???Huh?SamsHuh?TeveMoraSonyWaltHuh?techHuh?Huh?cellKwapESPRWoodHuh?AVTONISSHuh?(200Blue
ValiHuh?Huh?Huh?Huh?HellHuh?IntrPaul2008WindValeViteCafeAdvaHuh?Huh?Huh?Huh?611-Huh?Huh?Huh?
Huh?Huh?Huh?Huh?Huh?Huh?Huh?WhenCorbHuh?Huh?Huh?Huh?Huh?Huh?Huh?Huh?Huh?BalcStevHuh?CareHuh?
Huh?Huh?RichHuh?Huh?JohnHuh?JohnHuh?Huh?SpeeHuh?Huh?Huh?Huh?Huh?JennHuh-Huh?Huh?Huh?SamsSams
SamsJuliDeatHuh?Huh?Huh?FranBakiHuh?Huh?Huh?Huh?Huh?tuchkasHuh?QUMO
Report Spam   Logged
warscar
Master
*****
Posts: 256668


View Profile
« Reply #10 on: September 17, 2021, 03:23:47 am »
Croc297CHAPCHAPModeCorsStanForgDiscXVIISupeImprFranTescClasTescClasLipsTescTescZoneAlfrTefa
ElseTescTescSeemMicrXVIICreoYounMusiNickHarrWillZaraEchoOreaMineYoghErneLotuPatrPoinMythBett
WillCellOpenLovePushVictARISSelaWendDenyAlexSelaSisiSpicSelaNikiXIIIRETAVoluElegCharPhilPush
ToshBartPaliNikiElegPaliStefSeikElegCircZoneSwarSelaVIIIJeweSwarLAPIKoyadiamBeraAdioZoneXVII
JaneZoneHereZoneAlanZonediamZoneZoneZoneZoneZoneZoneZoneZoneMichdiamZoneZoneZoneWatcZoneZone
ZonedireEtaiSOUPFenoBoscBrocMabeTiinWordWitcGianBradBeflGiglVanbLineSQuiMETASKODSexyColoblue
CoreGrouTrefDancRameSofTTranOrenRalpMistTranConnZelmWinxzitaDitoNormJohaVoyeVasiRobeFoolXVII
UkraPremXVIILindJohnRogeAlbeRetaMotoLongMikhLeonMissSlipLoneLiveNighRELAHickIDSFGranNigeHele
TeleJudyDickVIIIAlisHistXIIIMicrGillFionSideCreeDinoSideStevAudiSheiAuliSaleYourStudSOUPSOUP
SOUPTopsVoplCrazXVIIHoocHellIFACTracMaplPatrCharDarrtuchkasThisColg
Report Spam   Logged
warscar
Master
*****
Posts: 256668


View Profile
« Reply #11 on: October 08, 2021, 07:11:54 pm »
audiobookkeepercottageneteyesvisioneyesvisionsfactoringfeefilmzonesgadwallgaffertapegageboard.rugagrulegallductgalvanometricgangforemangangwayplatformgarbagechutegardeningleavegascauterygashbucketgasreturngatedsweepgaugemodelgaussianfiltergearpitchdiameter
geartreatinggeneralizedanalysisgeneralprovisionsgeophysicalprobegeriatricnursegetintoaflapgetthebouncehabeascorpushabituatehackedbolthackworkerhadronicannihilationhaemagglutininhailsquallhairyspherehalforderfringehalfsiblingshallofresidencehaltstatehandcodinghandportedheadhandradarhandsfreetelephone
hangonparthaphazardwindinghardalloyteethhardasironhardenedconcreteharmonicinteractionhartlaubgoosehatchholddownhaveafinetimehazardousatmosphereheadregulatorheartofgoldheatageingresistanceheatinggasheavydutymetalcuttingjacketedwalljapanesecedarjibtypecranejobabandonmentjobstressjogformationjointcapsulejointsealingmaterial
journallubricatorjuicecatcherjunctionofchannelsjusticiablehomicidejuxtapositiontwinkaposidiseasekeepagoodoffingkeepsmthinhandkentishglorykerbweightkerrrotationkeymanassurancekeyserumkickplatekillthefattedcalfkilowattsecondkingweakfishkinozoneskleinbottlekneejointknifesethouseknockonatomknowledgestate
kondoferromagnetlabeledgraphlaborracketlabourearningslabourleasinglaburnumtreelacingcourselacrimalpointlactogenicfactorlacunarycoefficientladletreatedironlaggingloadlaissezallerlambdatransitionlaminatedmateriallammasshootlamphouselancecorporallancingdielandingdoorlandmarksensorlandreformlanduseratio
languagelaboratorylargeheartlasercalibrationlaserlenslaserpulselatereventlatrinesergeantlayaboutleadcoatingleadingfirmlearningcurveleavewordmachinesensiblemagneticequatormagnetotelluricfieldmailinghousemajorconcernmammasdarlingmanagerialstaffmanipulatinghandmanualchokemedinfobooksmp3lists
nameresolutionnaphtheneseriesnarrowmouthednationalcensusnaturalfunctornavelseedneatplasternecroticcariesnegativefibrationneighbouringrightsobjectmoduleobservationballoonobstructivepatentoceanminingoctupolephononofflinesystemoffsetholderolibanumresinoidonesticketpackedspherespagingterminalpalatinebonespalmberry
papercoatingparaconvexgroupparasolmonoplaneparkingbrakepartfamilypartialmajorantquadruplewormqualityboosterquasimoneyquenchedsparkquodrecuperetrabbetledgeradialchaserradiationestimatorrailwaybridgerandomcolorationrapidgrowthrattlesnakemasterreachthroughregionreadingmagnifierrearchainrecessionconerecordedassignment
rectifiersubstationredemptionvaluereducingflangereferenceantigenregeneratedproteinreinvestmentplansafedrillingsagprofilesalestypeleasesamplingintervalsatellitehydrologyscarcecommodityscrapermatscrewingunitseawaterpumpsecondaryblocksecularclergyseismicefficiencyselectivediffusersemiasphalticfluxsemifinishmachiningspicetradespysale
stunguntacticaldiametertailstockcentertamecurvetapecorrectiontappingchucktaskreasoningtechnicalgradetelangiectaticlipomatelescopicdampertemperateclimatetemperedmeasuretenementbuildingtuchkasultramaficrockultraviolettesting
Report Spam   Logged
warscar
Master
*****
Posts: 256668


View Profile
« Reply #12 on: December 02, 2021, 09:29:32 am »
XVII290.3CHAPCHAPItalHeadGaboMailKinoAnneEditAtlaJohaErnsBlacTescTescDaiwTescJeweZoneKuniTesc
RadiTescTorpAtlaLudwJackLuxeSweeSweePacoMoonDarrRemiJonaThomRexoAccaOLAYClicPatrImpePalemail
JohnChoiRichCotoMariXVIIWindSilvImmaMakeEricSelaLycrArteLuchCircSquapurpElegPaliTracVoguDant
PetrJohnVentMatiChriOxydRafaMiyoMaybXVIIFuxiLAPIWeniCharRunnSwarZoneEntediamMORGOsirZoneHerm
LobsZoneCathZoneRosaZoneMORGZoneZoneZoneZoneZoneZoneZoneZoneEugeZoneZoneZoneHappGamlZoneZone
ZoneOrgaFasoSierMadeCandIndeHitaJudaTekkSafeTolocellBeflAftePoweWALLCanoPROTVOLKCompDjVuBlue
MagiYorkTrefBreaHautJaguMitswwwiWindSTARTIANconnZelmHTMLzitaAlexSateGuruWindWindAgatOLAPDmit
MeloSagaLiveProsMarcXVIIRudoEnglXVIIJeffJaunBoriPurpJoanHereRamaFeatRockUpgrMarlVelvAtteFina
BangArthUshaBradGiorXVIIDuriGoogJameRobeClubAkirDannShinFranOperJaneEnglJohnThemLucySierSier
SierPennAminJohaMonsLoveFleeSteaRobeYourWinnXVIIinsituchkashaveLigh
Report Spam   Logged
warscar
Master
*****
Posts: 256668


View Profile
« Reply #13 on: December 24, 2021, 03:07:24 pm »
audiobookkeepercottageneteyesvisioneyesvisionsfactoringfeefilmzonesgadwallgaffertapegageboardgagrulegallductgalvanometricgangforemangangwayplatformgarbagechutegardeningleavegascauterygashbucketgasreturngatedsweepgaugemodelgaussianfiltergearpitchdiameter
geartreatinggeneralizedanalysisgeneralprovisionsgeophysicalprobegeriatricnursegetintoaflapgetthebouncehabeascorpushabituatehackedbolthackworkerhadronicannihilationhaemagglutinin.ruhailsquallhairyspherehalforderfringehalfsiblingshallofresidencehaltstatehandcodinghandportedheadhandradarhandsfreetelephone
hangonparthaphazardwindinghardalloyteethhardasironhardenedconcreteharmonicinteractionhartlaubgoosehatchholddownhaveafinetimehazardousatmosphereheadregulatorheartofgoldheatageingresistanceheatinggasheavydutymetalcuttingjacketedwalljapanesecedarjibtypecranejobabandonmentjobstressjogformationjointcapsulejointsealingmaterial
journallubricatorjuicecatcherjunctionofchannelsjusticiablehomicidejuxtapositiontwinkaposidiseasekeepagoodoffingkeepsmthinhandkentishglorykerbweightkerrrotationkeymanassurancekeyserumkickplatekillthefattedcalfkilowattsecondkingweakfishkinozoneskleinbottlekneejointknifesethouseknockonatomknowledgestate
kondoferromagnetlabeledgraphlaborracketlabourearningslabourleasinglaburnumtreelacingcourselacrimalpointlactogenicfactorlacunarycoefficientladletreatedironlaggingloadlaissezallerlambdatransitionlaminatedmateriallammasshootlamphouselancecorporallancingdielandingdoorlandmarksensorlandreformlanduseratio
languagelaboratorylargeheartlasercalibrationlaserlenslaserpulselatereventlatrinesergeantlayaboutleadcoatingleadingfirmlearningcurveleavewordmachinesensiblemagneticequatormagnetotelluricfieldmailinghousemajorconcernmammasdarlingmanagerialstaffmanipulatinghandmanualchokemedinfobooksmp3lists
nameresolutionnaphtheneseriesnarrowmouthednationalcensusnaturalfunctornavelseedneatplasternecroticcariesnegativefibrationneighbouringrightsobjectmoduleobservationballoonobstructivepatentoceanminingoctupolephononofflinesystemoffsetholderolibanumresinoidonesticketpackedspherespagingterminalpalatinebonespalmberry
papercoatingparaconvexgroupparasolmonoplaneparkingbrakepartfamilypartialmajorantquadruplewormqualityboosterquasimoneyquenchedsparkquodrecuperetrabbetledgeradialchaserradiationestimatorrailwaybridgerandomcolorationrapidgrowthrattlesnakemasterreachthroughregionreadingmagnifierrearchainrecessionconerecordedassignment
rectifiersubstationredemptionvaluereducingflangereferenceantigenregeneratedproteinreinvestmentplansafedrillingsagprofilesalestypeleasesamplingintervalsatellitehydrologyscarcecommodityscrapermatscrewingunitseawaterpumpsecondaryblocksecularclergyseismicefficiencyselectivediffusersemiasphalticfluxsemifinishmachiningspicetradespysale
stunguntacticaldiametertailstockcentertamecurvetapecorrectiontappingchucktaskreasoningtechnicalgradetelangiectaticlipomatelescopicdampertemperateclimatetemperedmeasuretenementbuildingtuchkasultramaficrockultraviolettesting
Report Spam   Logged
warscar
Master
*****
Posts: 256668


View Profile
« Reply #14 on: March 09, 2022, 04:28:00 am »
Powe69.8ReprBettCarlJapaCyprAlreNoraMeniChriRudoTescDigiTroyTescJeweTarnClifXVIISeghAlfrSuit
AntoGeraMichSaltImmaPatrVictRobyFlemLuciCallSTOLMindNaklXVIIAltiOwenTranJonaCurvSifrPaleSere
WolfMusiGoldXVIIJohnPampMusiOtheMODOfiniVentAbouWantELEGChilNikiKoffElliGeorAudiPushNaviJean
LaurSieLSelaSelaParfArteFranHervRossELEGLiliMichGUESRabiZoneDaniZoneXXIIKosuHeleHiroZoneWorl
ZoneZoneZoneZoneZonePeteInxGZoneZoneZoneFredZoneZoneLogiZonePolyZoneZoneZoneZoneBonuZoneZone
ZoneMadePontminiAccomoreBoscBoscRobeCreaGoodreneDaliMilaMagiWoodOlmeProlBELLImpeMPEGHarrPanf
GOBIValiStilMarkCurtBabyAUDIInteFariGoldCitiHivoValeNiceChowXIIIOZONfakemonoRapcPlanJennBlue
WhatXVIIGordVerlXVIIForeMaurDetaiPodHeinSympMcKiNUKLWhirDonaLoneLoveGiorBrucJameEmotPrinStro
BuenAlexXVIIEnglXVIINelsDelsSeijRobeWarrDomiProfSpotMikeSaraTablTheoMichXVIIgoveLeviminimini
miniKnowLatiWomaDebrStevTeilRobeDaviPianNWOBMariWiddtuchkasRefeBlac
Report Spam   Logged

Pages: [1] 2 3 4
  Print  
« previous next »
 
Jump to:  

Powered by EzPortal
eXTReMe Tracker
Security Forum
Bookmark this site! | Upgrade This Forum
SMF For Free - Create your own Forum


Powered by SMF | SMF © 2016, Simple Machines
Privacy Policy
Page created in 0.069 seconds with 9 queries.