Difference between pages "Memory analysis" and "Hash (tool)"

From Forensics Wiki
(Difference between pages)
 
m (add to cat)
 
Line 1: Line 1:
'''Memory Analysis''' is the science of using a [[Tools:Memory_Imaging|memory image]] to determine information about running programs, the [[operating system]], and the overall state of a computer. Because the analysis is highly dependent on the operating system, we have broken it into subpages:
+
{{Infobox_Software |
 +
  name = Hash |
 +
  maintainer = [[The Grugq]] |
 +
  os = {{Linux}} |
 +
  genre = {{Analysis}} |
 +
  license =  |
 +
  website = [http://www.tacticalvoip.com/ tacticalvoip.com] |
 +
}}
  
* [[Windows Memory Analysis]]
+
===Background===
* [[Linux Memory Analysis]]
+
* [[FreeBSD Memory Analysis]]
+
  
== See Also ==
+
Hash ('''Ha'''cker '''She'''ll) is a tool to enable people to evade detection while penetrating a system.
  
* [[Tools:Memory_Imaging]]
+
Hash, originally written in 2003, was re-written in June 2007 and released at the Korean security conference, [http://www.powerofcommunity.net Power of Community] that November.
  
== Weblinks ==
+
===Features===
  
* [http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Burdach/bh-fed-06-burdach-up.pdf Mariusz Burdach: Finding Digital Evidence In Physical Memory] (PDF)
+
'''Hacking utilities'''
* [https://www.usenix.org/events/usenix05/tech/freenix/full_papers/movall/movall.pdf Paul Movall, Ward Nelson, Shaun Wetzstein: Linux Physical Memory Analysis] (PDF)
+
* Inline file transfer
 +
* qondom - remote diskless execution
 +
 
 +
'''Builtins'''
 +
* Triggers
 +
* Aliasing
 +
* Basic file system and shell escape commands
 +
 
 +
===External Links===
 +
* [http://powerofcommunity.net/poc2007/grugq.pdf PoC presentation: ''Hacking Sucks!'']
 +
* [http://www.tacticalvoip.com/tools.html hash-0.2.5.tar.gz]
 +
 
 +
[[Category:Anti-Forensic Tools]]
 +
[[Category:Anti-forensics tools]]
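
Review bot: the two category lines that close the added text, [[Category:Anti-Forensic Tools]] and [[Category:Anti-forensics tools]], differ only in capitalisation and in singular versus plural, so the page ends up filed under two near-duplicate categories; keep the one the wiki already uses and drop the other. In the infobox, genre = {{Analysis}} sits oddly beside an anti-forensics category and a Background line describing a detection-evasion tool, and license is left empty; both fields are worth confirming.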

Revision as of 17:55, 4 July 2008

Hash
Maintainer: The Grugq
OS: Linux
Genre: Analysis
License:
Website: tacticalvoip.com

Background

Hash (Hacker Shell) is a tool to enable people to evade detection while penetrating a system.

Hash, originally written in 2003, was rewritten in June 2007 and released that November at the Korean security conference Power of Community.

Features

Hacking utilities

  • Inline file transfer
  • qondom - remote diskless execution

Builtins

  • Triggers
  • Aliasing
  • Basic file system and shell escape commands

External Links