EvilZone
Other => Found it on the Webs => : ram1r3z0 September 22, 2015, 01:45:36 PM
-
Boring forensics stuff is over :|)
Tool for automating forensics
http://mantarayforensics.com/downloads/
-
Pft, since when has forensics been boring?
-
Well, I wrote a lot of scripts to do what Mantaray already does :) because running script after script is very boring until you come to some interesting stuff :D
-
What do you usually use to do your forensics? Yeah, I understand, but for a while it is interesting writing different scripts for what you are trying to get accomplished. I'm wondering if they'll be at the conference I am going to soon... might have to get in their training program while I'm there.
-
It depends on whether I analyze disk or memory.
In the case of memory I mostly use Volatility and some of my own scripts, which do carving with respect to memory.
In the case of disks I use EnCase and EnScripts :). Of course SleuthKit, DFF and a lot more. It really depends on the tasks that need to be completed. In a lot of cases EnCase is enough. :)
-
Have you tried FTK Imager? Or any of the FTK tools for that matter.
What you use is what WE all use for forensics in the field haha. I use Autopsy a lot of the time with a module we scripted to map out a network of data sent/received...etc. It's pretty handy when turning in our findings.
-
I use FTK Imager daily. FTK not ... it is too expensive :(