2.9 Given a scenario, use forensic analysis tools.

File carving tools

 Foremost

 Strings

Binary analysis tools

 Hex dump

 Binwalk

 Ghidra

 GNU Project debugger (GDB)

 OllyDbg

 readelf

 objdump

 strace

 ldd

 file

Analysis tools

 ExifTool

 Nmap

 Aircrack-ng

 Volatility

 The Sleuth Kit

 Dynamically vs. statically linked

Imaging tools

 Forensic Toolkit (FTK) Imager

 dd

Hashing utilities

 sha256sum

 ssdeep

Live collection vs. post-mortem tools

 netstat

 ps

 vmstat

 ldd

 lsof

 netcat

 tcpdump

 conntrack

 Wireshark