
Difference between pages "Memory analysis" and "Hash (tool)"

From ForensicsWiki
(Difference between pages)
 
m (add to cat)
 
Line 1: Line 1:
'''Memory Analysis''' is the science of using a [[Tools:Memory_Imaging|memory image]] to determine information about running programs, the [[operating system]], and the overall state of a computer. Because the analysis is highly dependent on the operating system, we have broken it into subpages:
+
{{Infobox_Software |
 +
  name = Hash |
 +
  maintainer = [[The Grugq]] |
 +
  os = {{Linux}} |
 +
  genre = {{Analysis}} |
 +
  license =  |
 +
  website = [http://www.tacticalvoip.com/ tacticalvoip.com] |
 +
}}
  
* [[Windows Memory Analysis]]
+
===Background===
* [[Linux Memory Analysis]]
+
* [[FreeBSD Memory Analysis]]
+
  
== See Also ==
+
Hash ('''Ha'''cker '''She'''ll) is a tool to enable people to evade detection while penetrating a system.
  
* [[Tools:Memory_Imaging]]
+
Hash, originally written in 2003, was re-written in June 2007 and released at the Korean security conference, [http://www.powerofcommunity.net Power of Community] that November.
  
== Weblinks ==
+
===Features===
  
* [http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Burdach/bh-fed-06-burdach-up.pdf Mariusz Burdach: Finding Digital Evidence In Physical Memory] (PDF)
+
'''Hacking utilities'''
* [https://www.usenix.org/events/usenix05/tech/freenix/full_papers/movall/movall.pdf Paul Movall, Ward Nelson, Shaun Wetzstein: Linux Physical Memory Analysis] (PDF)
+
* Inline file transfer
 +
* qondom - remote diskless execution
 +
 
 +
'''Builtins'''
 +
* Triggers
 +
* Aliasing
 +
* Basic file system and shell escape commands
 +
 
 +
===External Links===
 +
* [http://powerofcommunity.net/poc2007/grugq.pdf PoC presentation: ''Hacking Sucks!'']
 +
* [http://www.tacticalvoip.com/tools.html hash-0.2.5.tar.gz]
 +
 
 +
[[Category:Anti-Forensic Tools]]
 +
[[Category:Anti-forensics tools]]
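Review bot: the last two added lines put the page in both [[Category:Anti-Forensic Tools]] and [[Category:Anti-forensics tools]], two names that differ only in capitalization and in "Forensic" versus "forensics", so the page ends up listed under two separate categories; keep the one the wiki already uses and drop the other. In the infobox, genre = {{Analysis}} does not match those anti-forensics categories or the Background sentence describing a tool for evading detection, and license is left empty; set the genre to match the category and either fill in or remove the license field.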

Revision as of 22:55, 4 July 2008

Hash
Maintainer: The Grugq
OS: Linux
Genre: Analysis
License:
Website: tacticalvoip.com

Background

Hash (Hacker Shell) is a tool to enable people to evade detection while penetrating a system.

Hash, originally written in 2003, was rewritten in June 2007 and released that November at the Korean security conference Power of Community.

Features

Hacking utilities

  • Inline file transfer
  • qondom - remote diskless execution

Builtins

  • Triggers
  • Aliasing
  • Basic file system and shell escape commands

External Links