My friend May she found a strange file called "bkp.old" as below in the evidence files. She decided to use forensic tools to take a look at it and figure it out what's going on.

FTK said that it's an unknown file. But May was not satistify with this answer.

May used EnCase to conduct a file signature analysis on this evidence. Guess what? The signature analysis result was "Match". The file type was "Old Configuration Settings (ASCII)". May refused to believe it. That's too ridiculous!!!

May took a look at it's file header and compared with "File Type Signature Search.txt" . That's it. It's a Symantec Ghost Image file.

The suspect changed its ext name and bkp.gho became bkp.old. But to May's surprise forensic tools could not recognize this file correctly~ I taught May how to verify the file signature of a file. The verify result is as below.

Also I taught May how to mount a gho file and see what's inside this gho file. She did find some important files in this gho file and she exported those files to take a further examination.

File signature analysis failed to recognize .old file的更多相关文章

  1. File signature analysis fails to recognize .old file

    My friend May she found a strange file called "bkp.old" as below in the evidence files. Sh ...

  2. JMeter学习-027-JMeter参数文件(脚本分发)路径问题:jmeter.threads.JMeterThread: Test failed! java.lang.IllegalArgumentException: File distributed.csv must exist and be readable解决方法

    前些天,在进行分布式参数化测试的时候,出现了如题所示的错误报错信息.此文,针对此做一个简略的重现及分析说明. JMX脚本线程组参数配置如下所示: 参数文件路径配置如下所示: 执行JMX脚本后,服务器对 ...

  3. ASM ClassReader failed to parse class file - probably due to a new Java class file version that isn't supported yet

    严重: Context initialization failedorg.springframework.beans.factory.BeanDefinitionStoreException: Fai ...

  4. vmware, failed to lock the file

    电脑死机,进不了桌面,实在不行就重启,但是在运行着虚拟机,重启后打开VMware虚拟机,提示failed to lock the file,进不去了,急阿,里面不少资料呢...问万能的Google,终 ...

  5. Xamarin 示例Standard Controls报错:xamarin Failed to compile interface file. See Build Output for details

    Standard Controls 示例下载地址: http://developer.xamarin.com/content/StandardControls/ Xamarin官网上的IOS示例“St ...

  6. Caused by: org.springframework.core.NestedIOException: ASM ClassReader failed to parse class file

    springframework.version  3.2.6.RELEASE jdk 1.8

  7. 移动MM failed to find resource file{mmiap.xml}

    原地址:http://blog.csdn.net/alking_sun/article/details/36175861 在进行移动MM集成的时候总是会遇到一个bug:  failed to find ...

  8. VM启动报错:Failed to lock the file

    http://www.cnblogs.com/kristain/articles/2491966.html Reason: Failed to lock the fileGoogle 了一下, 在網路 ...

  9. VM 启动时报错:Failed to lock the file

    http://www.cnblogs.com/kristain/articles/2491966.html Reason: Failed to lock the fileGoogle 了一下, 在網路 ...

随机推荐

  1. SQL SERVER 数据库级联删除

    --SQL SERVER 2008R2 级联删除:主子表设置外键关联,当主表数据删除的时候会自动删除子表中对应的数据 --创建主表 create table test_main( ID ,) PRIM ...

  2. C#类的学习

    ①类的定义是以关键字 class 开始,后跟类的名称.类的主体,包含在一对花括号内.下面是类定义的一般形式: 类的修饰符 class 类名 :继承的类{ //类的成员 } 请注意: 如果要访问类的成员 ...

  3. Python学习笔记(十三)

    Python学习笔记(十三): 模块 包 if name == main 软件目录结构规范 作业-ATM+购物商城程序 1. 模块 1. 模块导入方法 import 语句 import module1 ...

  4. APP崩溃提示:This application is modifying the autolayout engine from a background thread after the engine was accessed from the main thread. This can lead to engine corruption and weird crashes.

    崩溃输出日志 2017-08-29 14:53:47.332368+0800 HuiDaiKe[2373:1135604] This application is modifying the auto ...

  5. 原生javascript跨浏览器常用事件处理

    var eventUntil = {             getEvent: function (event) {//获取事件                 return event ? eve ...

  6. 锁对象Lock

    Lock 实现提供了比使用synchronized 方法和语句可获得的更广泛的锁定操作,它能以更优雅的方式处理线程同步问题: public class LockTest { publicstaticv ...

  7. LeetCode 169. Majority Element (众数)

    Given an array of size n, find the majority element. The majority element is the element that appear ...

  8. js实现一个简单钟表动画(javascript+html5 canvas)

    第一次在博客园注册发博.有一次去人家单位开标,看到开标网站上有个钟表动画,一时兴起,就写了个简单的钟表动画. 用js和html5 canvas对象实现一个简单钟表程序 主要用到的就是h5的canvas ...

  9. RabbitMQ使用详解

    刚刚用了,记录下来,以后忘了,方便能够快速想起来. 首先说明,由于RabbitMQ服务端非JAVA,C++语言,当然也就看不懂,所以本文的理解都是过于主观的. 一,RabbitMQ服务端搭建 推荐最好 ...

  10. SSH框架整合--applicationContext.xml文件配置实例

    <?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.spr ...