My friend May she found a strange file called "bkp.old" as below in the evidence files. She decided to use forensic tools to take a look at it and figure it out what's going on.

FTK said that it's an unknown file. But May was not satistify with this answer.

May used EnCase to conduct a file signature analysis on this evidence. Guess what? The signature analysis result was "Match". The file type was "Old Configuration Settings (ASCII)". May refused to believe it. That's too ridiculous!!!

May took a look at it's file header and compared with "File Type Signature Search.txt" . That's it. It's a Symantec Ghost Image file.

The suspect changed its ext name and bkp.gho became bkp.old. But to May's surprise forensic tools could not recognize this file correctly~ I taught May how to verify the file signature of a file. The verify result is as below.

Also I taught May how to mount a gho file and see what's inside this gho file. She did find some important files in this gho file and she exported those files to take a further examination.

File signature analysis failed to recognize .old file的更多相关文章

  1. File signature analysis fails to recognize .old file

    My friend May she found a strange file called "bkp.old" as below in the evidence files. Sh ...

  2. JMeter学习-027-JMeter参数文件(脚本分发)路径问题:jmeter.threads.JMeterThread: Test failed! java.lang.IllegalArgumentException: File distributed.csv must exist and be readable解决方法

    前些天,在进行分布式参数化测试的时候,出现了如题所示的错误报错信息.此文,针对此做一个简略的重现及分析说明. JMX脚本线程组参数配置如下所示: 参数文件路径配置如下所示: 执行JMX脚本后,服务器对 ...

  3. ASM ClassReader failed to parse class file - probably due to a new Java class file version that isn't supported yet

    严重: Context initialization failedorg.springframework.beans.factory.BeanDefinitionStoreException: Fai ...

  4. vmware, failed to lock the file

    电脑死机,进不了桌面,实在不行就重启,但是在运行着虚拟机,重启后打开VMware虚拟机,提示failed to lock the file,进不去了,急阿,里面不少资料呢...问万能的Google,终 ...

  5. Xamarin 示例Standard Controls报错:xamarin Failed to compile interface file. See Build Output for details

    Standard Controls 示例下载地址: http://developer.xamarin.com/content/StandardControls/ Xamarin官网上的IOS示例“St ...

  6. Caused by: org.springframework.core.NestedIOException: ASM ClassReader failed to parse class file

    springframework.version  3.2.6.RELEASE jdk 1.8

  7. 移动MM failed to find resource file{mmiap.xml}

    原地址:http://blog.csdn.net/alking_sun/article/details/36175861 在进行移动MM集成的时候总是会遇到一个bug:  failed to find ...

  8. VM启动报错:Failed to lock the file

    http://www.cnblogs.com/kristain/articles/2491966.html Reason: Failed to lock the fileGoogle 了一下, 在網路 ...

  9. VM 启动时报错:Failed to lock the file

    http://www.cnblogs.com/kristain/articles/2491966.html Reason: Failed to lock the fileGoogle 了一下, 在網路 ...

随机推荐

  1. 【转载】兼容所有浏览器的JQuery zClip插件实现复制到剪贴板功能

    文章转载自 代码家园 http://www.daimajiayuan.com/ 原文链接:http://www.daimajiayuan.com/sitejs-17973-1.html原文摘要: 相信 ...

  2. ActivityManager与Proxy模式的运用

    Android学习——ActivityManager与Proxy模式的运用 一 Proxy模式 意图: 为其他对象提供一种代理以控制这个对象的访问. 适用性: l  远程代理( Remote Prox ...

  3. ArcGis for flex查询FeatureLayer数据

    1. 首先实例化一个FeatureLayer对象 private var featureLayer:FeatureLayer=new FeatureLayer(); 2.指定FeatureLayer对 ...

  4. 要让CLR挂掉的话……

    http://rednaxelafx.iteye.com/blog/460893 (Disclaimer:如果需要转载请先与我联系. 作者:RednaxelaFX -> rednaxelafx. ...

  5. 【转】漫谈linux文件IO--io流程讲的很清楚

    [转]漫谈linux文件IO--io流程讲的很清楚 这篇文章写的比较全面,也浅显易懂,备份下.转载自:http://blog.chinaunix.net/uid-27105712-id-3270102 ...

  6. 【NOIP2015资源+题解】

    数据下载(含cena配置文件+一套自己写的代码) 试题下载(pdf版) Day1 T1 Day1 T2 Day1 T3 Day2 T1 Day2 T2 Day3 T3

  7. (转)log4j使用介绍

    原文出自: log4j使用介绍 日志是应用软件中不可缺少的部分,Apache的开源项目Log4j是一个功能强大的日志组件,提供方便的日志记录.以下是个人经验,具体请参考Log4j文档指南. Log4j ...

  8. [Java Web 第一个项目]客户关系处理系统(CRM)项目总结

    一.table的应用: 1.表格的常用属性 基本属性有:width(宽度).height(高度).border(边框值).cellspacing(表格的内宽,即表格与tr之间的间隔).cellpadd ...

  9. 【UML 建模】状态图介绍

    1.Statechart Diagram 即状态图,主要用于描述一个对象在其生存期间的动态行为,表现为一个对象所经历的状态序列.引起状态转移的事件(Event).因状态转移而伴随的动作(Action) ...

  10. 表达式求值--Java实现

    /*将中缀表达式--转化为后缀表达式--属于栈的一种应用 *具体思路: *1.扫描字符串,遇到操作数字符直接不管,存到一个字符串里边 *2.操作符优先级比较--定义了方法 * 栈中优先级高:出栈存进字 ...