Difference between pages "TestDisk" and "Malware"

From Forensics Wiki
(Difference between pages)
(File systems)
 
 
Line 1: Line 1:
{{Infobox Software
+
'''Malware''' is a short version of '''Malicious Software'''.
| logo = [[Image:TestDisk-logo.gif]]
+
| name = TestDisk
+
| developer = Christophe Grenier
+
| maintainer = Christophe Grenier
+
| latest_release_version = 6.8
+
| latest_release_date = August 13, 2007
+
| os = {{Linux}}, {{Windows}}, {{Mac OS X}}, Dos, BSD
+
| interface = Command line interface
+
| genre = Data recovery
+
| license = GPLv2+
+
| website = [http://www.cgsecurity.org/wiki/TestDisk TestDisk Wiki]
+
}}
+
  
'''TestDisk''' is a free software data recovery utility licensed under the terms of the GNU General Public License (GPL). It was primarily designed to help recover lost data storage partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally erasing a partition table).
+
Malware is software used for data theft, device damage, harassment, etc. It is very similar to computer malware. It installs things such as trojans, worms, and botnets to the affected device. It is illegal to knowingly distribute malware.
  
[http://www.cgsecurity.org/wiki/TestDisk_%26_PhotoRec_in_various_digital_forensics_testcase Forensics usage of TestDisk and PhotoRec] is described on the web site.
+
== Virus ==
 +
A computer program that can automatically copy itself and infect a computer.
  
==Summary==
+
== Worm ==
TestDisk queries the BIOS or the operating system in order to find the hard disks and their characteristics (LBA size and Cylinder-head-sector geometry). TestDisk does a quick check of your disk's structure and compares it with your Partition Table for entry errors. If the Partition Table has entry errors, TestDisk can repair them.
+
A self-replicating computer program that can automatically infect computers on a network.
  
However, it's up to the user to look over the list of possible partitions found by TestDisk and to select the one(s) which were being used just before the drive failed to boot or the partition(s) were lost. In some cases, especially after initiating a detailed search for lost partitions,
+
== Trojan horse ==
TestDisk may show partition data which is simply from the remnants of a partition that had been deleted and overwritten long ago.
+
A computer program which appears to perform a certain action, but actually performs many different forms of codes.
  
TestDisk has features for both novices and experts. For those who know little or nothing about data recovery techniques, TestDisk can be used to collect detailed information about a non-booting drive which can then be sent to a tech for further analysis. Those more familiar with such procedures should find TestDisk a handy tool in performing onsite recovery.
+
== Spyware ==
 +
A computer program that can automatically intercept or take partial control over the user's interaction.
  
==Supported operating systems==
+
== Exploit Kit ==
* [[DOS]] (either real or in a Windows 9x DOS box);
+
A toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser [http://blog.zeltser.com/post/1410922437/what-are-exploit-kits]. Often utilizing a drive-by-download.
* [[Microsoft]] [[Windows]] (NT4, 2000, XP, 2003, Vista);
+
* [[Linux]];
+
* [[FreeBSD]], [[NetBSD]], [[OpenBSD]];
+
* SunOS and
+
* [[Mac OS X]]
+
  
==File systems==
+
=== Drive-by-download ===
TestDisk can find lost partitions of the following file systems:
+
Any download that happens without a person's knowledge [http://en.wikipedia.org/wiki/Drive-by_download].
* Be File System (BeOS)
+
* BSD disklabel ([[FreeBSD]]/[[OpenBSD]]/[[NetBSD]])
+
* [[Cramfs]], Compressed File System
+
* DOS/Windows [[FAT]] 12, 16, and 32
+
* [[HFS]], [[HFS+]] and [[HFS+|HFSX]], Hierarchical File System
+
* IBM Journaled File System 2 (JFS2), IBM's Journaled File System
+
* [[Linux]] [[ext2]] and [[ext3]]
+
* [[Linux]] RAID
+
** RAID 1: mirroring
+
** RAID 4: striped array with parity device
+
** RAID 5: striped array with distributed parity information
+
** RAID 6: striped array with distributed dual redundancy information
+
* Linux Swap (versions 1 and 2)
+
* [[Linux Logical Volume Manager (LVM)|LVM]] and [[Linux Logical Volume Manager (LVM)|LVM2]], [[Linux Logical Volume Manager (LVM)|Linux Logical Volume Manager]]
+
* Mac partition map
+
* Novell Storage Services (NSS)
+
* [[NTFS]] ([[Windows]] NT/2000/XP/2003/Vista/2008)
+
* [[Reiserfs | ReiserFS]] 3.5, 3.6 and 4
+
* Sun Solaris i386 disklabel
+
* Unix File System: [[Unix File System|UFS]] and [[Unix File System|UFS2]] (Sun/BSD/...)
+
* XFS, SGI's Journaled File System
+
  
== See also ==
+
== See Also ==
* [[PhotoRec]]
+
  
==External links==
+
== External Links ==
* [http://www.cgsecurity.org/wiki/TestDisk TestDisk Wiki]
+
* [http://en.wikipedia.org/wiki/Malware Wikipedia entry on malware]
 +
* [http://en.wikipedia.org/wiki/Drive-by_download Wikipedia drive-by-download]
 +
* [http://www.viruslist.com/ Viruslist.com]
 +
* [http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares Androguard]: A list of recognized Android malware
 +
 
 +
=== Exploit Kit ===
 +
* [http://blog.zeltser.com/post/1410922437/what-are-exploit-kits What Are Exploit Kits?], by [[Lenny Zeltser]], October 26, 2010
 +
* [http://nakedsecurity.sophos.com/2013/07/02/the-four-seasons-of-glazunov-digging-further-into-sibhost-and-flimkit/ The four seasons of Glazunov: digging further into Sibhost and Flimkit], by Fraser Howard on July 2, 2013
 +
 
 +
[[Category:Malware]]
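
Review bot: The added introduction says malware "is very similar to computer malware", which defines the term by itself and should be dropped or replaced with the comparison that was intended. In the added Trojan horse entry, "actually performs many different forms of codes" does not say what the program does instead of its apparent action, so the definition needs rewording. In the Exploit Kit entry, "Often utilizing a drive-by-download." is a sentence fragment and should be attached to the preceding sentence. The added "== See Also ==" section has no entries on the new side and can be removed until there is something to list.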

Revision as of 01:05, 21 October 2013

Malware is short for malicious software.

Malware is software used for data theft, device damage, harassment, etc. It is very similar to computer malware. It installs things such as trojans, worms, and botnets on the affected device. It is illegal to knowingly distribute malware.


Virus

A computer program that can automatically copy itself and infect a computer.

Worm

A self-replicating computer program that can automatically infect computers on a network.

Trojan horse

A computer program that appears to perform a certain action but actually executes many different forms of code.

Spyware

A computer program that can automatically intercept or take partial control over the user's interaction.

Exploit Kit

A toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser [1]. Exploit kits often utilize a drive-by-download.

Drive-by-download

Any download that happens without a person's knowledge [2].

See Also

External Links

Exploit Kit