ACTIVITY: IMAGING WITH NETCAT OVER A NETWORK (ADVANCED)
Note: This activity takes place in a Linux system environment using SANS SIFT Workstation, a collection of forensic tools. For instructions to download and set up this environment, click Virtual Workstation in the toolbar.
Time: This activity should take you approximately 20 minutes to complete.
SOFTWARE
If you are not using a Linux machine, you’ll need to download SIFT Workstation 3 for this exercise.
GOAL
In this activity, we will explore how netcat (nc) can be used for receiving data over a network.
Sometimes, investigators will capture data from a suspect machine and send data to another networked computer (a forensic machine). In this activity, you will mimic this process by sending the capture data from one terminal to another terminal on the same machine.
You may want to review my dd and nc Demo before beginning this activity.
INSTRUCTIONS
1. Launch SIFT Workstation 3.
2. Open two terminals on SIFT Workstation 3. One terminal represents a forensic machine; the other represents the suspect machine.
3. On the forensic machine terminal, use nc -l to listen on port 8888 for the incoming data. Save the received data as ncData.dd. (Hint: nc -l 8888 > ncData.dd)
4. On the suspect machine terminal, use dd to copy an existing file and pipe (|) it to netcat (nc), sending the copy of the file to the forensic machine terminal. Since we are sending data to the same machine, we use the local host's IP address, 127.0.0.1. If you send data to a networked machine, replace 127.0.0.1 with the receiving machine's IP address. (Hint: In our case, we run dd if=the-original-file | nc 127.0.0.1 8888)
5. Generate MD5 and SHA1 hashes of ncData.dd and compare them with the original file's MD5 and SHA1 hashes.
6. Answer the Check Your Work questions.
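The hash comparison that closes the imaging steps can be scripted. The following is an added example, not part of the original activity; the function names are hypothetical, and it also compares file sizes, because an interrupted nc transfer leaves a short ncData.dd.

```shell
#!/bin/sh
# Added example (not from the original activity): check a netcat-received
# image against the original file. Function names are hypothetical.

file_size() { wc -c < "$1" | tr -d ' '; }
file_md5()  { md5sum  < "$1" | cut -d' ' -f1; }
file_sha1() { sha1sum < "$1" | cut -d' ' -f1; }

# verify_image ORIGINAL RECEIVED
# Returns 0 when size, MD5 and SHA1 all match, 1 on any mismatch,
# 2 when either file cannot be read.
verify_image() {
    orig=$1; recv=$2; status=0
    if [ ! -r "$orig" ] || [ ! -r "$recv" ]; then
        echo "ERROR: cannot read '$orig' or '$recv'" >&2
        return 2
    fi
    osize=$(file_size "$orig"); rsize=$(file_size "$recv")
    omd5=$(file_md5 "$orig");   rmd5=$(file_md5 "$recv")
    osha1=$(file_sha1 "$orig"); rsha1=$(file_sha1 "$recv")

    printf '%-9s %s bytes  md5=%s  sha1=%s\n' original "$osize" "$omd5" "$osha1"
    printf '%-9s %s bytes  md5=%s  sha1=%s\n' received "$rsize" "$rmd5" "$rsha1"

    if [ "$osize" != "$rsize" ]; then
        # Typical cause: the listener or sender stopped before dd finished.
        echo "MISMATCH: size differs"; status=1
    fi
    if [ "$omd5" != "$rmd5" ]; then echo "MISMATCH: MD5 differs"; status=1; fi
    if [ "$osha1" != "$rsha1" ]; then echo "MISMATCH: SHA1 differs"; status=1; fi
    if [ "$status" -eq 0 ]; then echo "MATCH: received copy is identical"; fi
    return "$status"
}

# When run with two arguments, compare them:
#   sh this-script the-original-file ncData.dd
if [ "$#" -eq 2 ]; then verify_image "$1" "$2"; fi
```

Run it on the forensic machine terminal after the transfer has finished, passing the original file first and ncData.dd second.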
Reposted from: https://www.cnblogs.com/sec875/articles/10013522.html