Difference between pages "THE FARMER'S BOOT CD" and "Malware"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
(HackingTeam)
 
Line 1: Line 1:
[http://www.forensicbootcd.com/ THE FARMER'S BOOT CD (FBCD)] is a unique Linux boot CD.  Taking a different approach than other [[Live CDs]], this CD was designed and optimized for previewing systems before acquiring.  THE FARMER'S BOOT CD contains a number of programs forensic practitioners can utilize to preview both Windows and Linux systems in a forensically sound manner.  Developed by Thomas Rude ('farmerdude').
+
'''Malware''' is a short version of '''Malicious Software'''.
  
 +
Malware is software used for data theft, device damage, harassment, etc. It is very similar to computer malware. It installs things such as trojans, worms, and botnets to the affected device. It is illegal to knowingly distribute malware.
  
== Preview Capabilities ==
+
== Virus ==
 +
A computer program that can automatically copy itself and infect a computer.
  
THE FARMER'S BOOT CD has been designed for previewing both Windows and Linux systems.  On-site previews before acquisitions is an emerging trend in the U.S.A. due to legal and technological reasons.
+
== Worm ==
 +
A self-replicating computer program that can automatically infect computers on a network.
  
Below is a short list of what can be accomplished in a simple GUI on this CD;
+
== Trojan horse ==
 +
A computer program which appears to perform a certain action, but actually performs many different forms of codes.
  
- Mount file systems read-only, including journalled file system types
+
== Spyware ==
- Obtain a list of deleted files for ext2, FAT12/16/32, and NTFS file system types
+
A computer program that can automatically intercept or take partial control over the user's interaction.
- Undelete deleted files from NTFS file systems
+
- Obtain both E-mail and URL addresses from the Windows "pagefile.sys" file
+
- Read the Recycle Bin INFO2 records
+
- Read Windows event log files (AppEvent.Evt, SecEvent.Evt, SysEvent.Evt)
+
- Read many log files from Linux systems (shell histories, system logs, security logs, accounting logs, etc.)
+
- Obtain file system metainformation (creation date, last mount and write date, version, label, UUID, etc.)
+
- Parse Internet cache files from IE, Mozilla, and Opera, pulling cookies and histories
+
- Catalog target file system, selecting files of interest by extension or header
+
- Convert date/time between UNIX 32bit, UNIX hex, human readable, Windows 64bit, and Windows hex
+
- Generate thumbnails for all graphics in fully qualified path filename
+
- Obtain drive information (serial number, make/model, firmware, HPA status, etc.)
+
- Obtain system BIOS table information (serial numbers, dates, UUIDs, etc.)
+
- Obtain system hardware catalog
+
- Double-clicking on most common file types opens them (Documents, Graphics, Presentations, Movies, Audio, etc.)
+
  
 +
== Exploit Kit ==
 +
A toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser [http://blog.zeltser.com/post/1410922437/what-are-exploit-kits]. Often utilizing a drive-by-download.
  
== Links ==
+
=== Drive-by-download ===
 +
Any download that happens without a person's knowledge [http://en.wikipedia.org/wiki/Drive-by_download].
  
[http://www.forensicbootcd.com/ THE FARMER'S BOOT CD Page] Main Page for THE FARMER'S BOOT CD (FBCD).
+
== Rootkit ==
 +
A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to an operating system.
  
[http://www.forensicbootcd.com/site/view.html THE FARMER'S BOOT CD screen shots] Screen Shots for Delve Preview Program on the FBCD.
+
== See Also ==
 +
* [[Malware analysis]]
  
[http://www.forensicfocus.com/farmers-boot-cd Preview Data in Under Twenty Minutes] Paper on previewing data quickly at http://www.forensicfocus.com
+
== External Links ==
 +
* [http://en.wikipedia.org/wiki/Malware Wikipedia: malware]
 +
* [http://en.wikipedia.org/wiki/Drive-by_download Wikipedia: drive-by-download]
 +
* [http://www.viruslist.com/ Viruslist.com]
 +
* [http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares Androguard]: A list of recognized Android malware
  
[[category:Forensic Utilities]]
+
=== Analysis ===
 +
* [http://sempersecurus.blogspot.ch/2013/12/a-forensic-overview-of-linux-perlbot.html A Forensic Overview of a Linux perlbot], by Andre M. DiMino, December 17, 2013
 +
* [http://research.zscaler.com/2014/02/probing-into-flash-zero-day-exploit-cve.html Probing into the Flash Zero Day Exploit (CVE-2014-0502)], by Krishnan Subramanian, February 21, 2014
 +
* [http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf Operation Windigo], by Olivier Bilodeau, Pierre-Marc Bureau, Joan Calvet, Alexis Dorais-Joncas, Marc-Étienne M.Léveillé, Benjamin Vanheuverzwijn, March, 2014
 +
* [http://blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx Security Advisory 2953095: recommendation to stay protected and for detections\, by Chengyun Chu, Elia Florio, March 24, 2014
 +
 
 +
=== Exploit Kit ===
 +
* [http://blog.zeltser.com/post/1410922437/what-are-exploit-kits What Are Exploit Kits?], by [[Lenny Zeltser]], October 26, 2010
 +
* [http://nakedsecurity.sophos.com/2013/07/02/the-four-seasons-of-glazunov-digging-further-into-sibhost-and-flimkit/ The four seasons of Glazunov: digging further into Sibhost and Flimkit], by Fraser Howard, July 2, 2013
 +
* [http://www.kahusecurity.com/2013/kore-exploit-kit/ Kore Exploit Kit], Kahu Security blog, July 18, 2013
 +
 
 +
=== Rootkit ===
 +
* [http://en.wikipedia.org/wiki/Rootkit Wikipedia: Rootkit]
 +
* [http://articles.forensicfocus.com/2013/11/22/understanding-rootkits/ Understanding Rootkits: Using Memory Dump Analysis for Rootkit Detection], by Dmitry Korolev, Yuri Gubanov, Oleg Afonin, November 22, 2013
 +
 
 +
=== HackingTeam ===
 +
* [https://citizenlab.org/2014/06/backdoor-hacking-teams-tradecraft-android-implant/ Police Story: Hacking Team’s Government Surveillance Malware], by Morgan Marquis-Boire, John Scott-Railton, Claudio Guarnieri, and Katie Kleemola, June 24, 2014
 +
* [http://www.securelist.com/en/blog/8231/HackingTeam_2_0_The_Story_Goes_Mobile HackingTeam 2.0: The Story Goes Mobile], Kaspersky Lab, June 24, 2014
 +
* [http://reverse.put.as/wp-content/uploads/2014/06/ShakaCon6-FuckYouHackingTeam.pdf Fuck you Hacking Team], by fG! at ShakaCon 2014, June 2014
 +
 
 +
 
 +
[[Category:Malware]]

Revision as of 02:12, 5 July 2014

Malware is a short version of Malicious Software.

Malware is software used for data theft, device damage, harassment, etc. It is very similar to computer malware. It installs things such as trojans, worms, and botnets to the affected device. It is illegal to knowingly distribute malware.

Virus

A computer program that can automatically copy itself and infect a computer.

Worm

A self-replicating computer program that can automatically infect computers on a network.

Trojan horse

A computer program which appears to perform a certain action, but actually performs many different forms of codes.

Spyware

A computer program that can automatically intercept or take partial control over the user's interaction.

Exploit Kit

A toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser [1]. Often utilizing a drive-by-download.

Drive-by-download

Any download that happens without a person's knowledge [2].

Rootkit

A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to an operating system.

See Also

External Links

Analysis

Exploit Kit

Rootkit

HackingTeam