My friend May she found a strange file called "bkp.old" as below in the evidence files. She decided to use forensic tools to take a look at it and figure it out what's going on.

FTK said that it's an unknown file. But May was not satistify with this answer.

May used EnCase to conduct a file signature analysis on this evidence. Guess what? The signature analysis result was "Match". The file type was "Old Configuration Settings (ASCII)". May refused to believe it. That's too ridiculous!!!

May took a look at it's file header and compared with "File Type Signature Search.txt" . That's it. It's a Symantec Ghost Image file.

The suspect changed its ext name and bkp.gho became bkp.old. But to May's surprise forensic tools could not recognize this file correctly~ I taught May how to verify the file signature of a file. The verify result is as below.

Also I taught May how to mount a gho file and see what's inside this gho file. She did find some important files in this gho file and she exported those files to take a further examination.

File signature analysis failed to recognize .old file的更多相关文章

  1. File signature analysis fails to recognize .old file

    My friend May she found a strange file called "bkp.old" as below in the evidence files. Sh ...

  2. JMeter学习-027-JMeter参数文件(脚本分发)路径问题:jmeter.threads.JMeterThread: Test failed! java.lang.IllegalArgumentException: File distributed.csv must exist and be readable解决方法

    前些天,在进行分布式参数化测试的时候,出现了如题所示的错误报错信息.此文,针对此做一个简略的重现及分析说明. JMX脚本线程组参数配置如下所示: 参数文件路径配置如下所示: 执行JMX脚本后,服务器对 ...

  3. ASM ClassReader failed to parse class file - probably due to a new Java class file version that isn't supported yet

    严重: Context initialization failedorg.springframework.beans.factory.BeanDefinitionStoreException: Fai ...

  4. vmware, failed to lock the file

    电脑死机,进不了桌面,实在不行就重启,但是在运行着虚拟机,重启后打开VMware虚拟机,提示failed to lock the file,进不去了,急阿,里面不少资料呢...问万能的Google,终 ...

  5. Xamarin 示例Standard Controls报错:xamarin Failed to compile interface file. See Build Output for details

    Standard Controls 示例下载地址: http://developer.xamarin.com/content/StandardControls/ Xamarin官网上的IOS示例“St ...

  6. Caused by: org.springframework.core.NestedIOException: ASM ClassReader failed to parse class file

    springframework.version  3.2.6.RELEASE jdk 1.8

  7. 移动MM failed to find resource file{mmiap.xml}

    原地址:http://blog.csdn.net/alking_sun/article/details/36175861 在进行移动MM集成的时候总是会遇到一个bug:  failed to find ...

  8. VM启动报错:Failed to lock the file

    http://www.cnblogs.com/kristain/articles/2491966.html Reason: Failed to lock the fileGoogle 了一下, 在網路 ...

  9. VM 启动时报错:Failed to lock the file

    http://www.cnblogs.com/kristain/articles/2491966.html Reason: Failed to lock the fileGoogle 了一下, 在網路 ...

随机推荐

  1. Color Blender---在线渐变色带生成器

       Color Blender是一个很有用的在线渐变色带生成器,它可以在两种颜色之间,自动生成过渡色,对网页设计师来说是一个不错的颜色调配工具.   Color Blender的使用方法很简单,你只 ...

  2. CVPixelBuffer的创建 数据填充 以及数据读取

    CVPixelBuffer的创建数据填充以及数据读取 CVPixelBuffer 在音视频编解码以及图像处理过程中应用广泛,有时需要读取内部数据,很少的时候需要自行创建并填充数据,下面简单叙述. 创建 ...

  3. win10 uwp 修改CalendarDatePicker图标颜色

    CalendarDatePicker 是一个好用的东西,但是我发现想要修改他右边的那个图标,显示日历的图标颜色,没有这个选项. 如果不知道我说的是哪个,请看下面的图. 左边颜色变化的就是我们要修改的图 ...

  4. 使用Hexo+Github一步步搭建属于自己的博客(基础)

    前言:电脑系统为window 10专业版,64位 相关步骤: 1.安装Node.js和配置好Node.js环境,打开cmd命令行,成功界面如下 2.安装Git和配置好Git环境,安装成功的象征就是在电 ...

  5. redis基本教程

    http://www.runoob.com/redis/redis-tutorial.html

  6. CURL常用命令记录--用于简单测试接口

    curl命令是一个利用URL规则在命令行下工作的文件传输工具.它支持文件的上传和下载,所以是综合传输工具,但按传统,习惯称curl为下载工具.作为一款强力工具,curl支持包括HTTP.HTTPS.f ...

  7. JavaScript--我发现,原来你是这样的JS(引用类型不简单,且听我娓娓道来)

    一.介绍 没错,这是第五篇,到了引用类型,这次要分成两次博文了,太多内容了,这是前篇,篇幅很长也很多代码,主要讲引用类型和常用的引用类型,代码试验过的,老铁没毛病. 坚持看坚持写,不容易不容易,希望大 ...

  8. 有序链表--Java实现

    /*有序链表--使用的是单链表实现 *在插入的时候保持按照值顺序排列 *对于删除最小值的节点效率最高--适合频繁的删除最小的节点 * */ public class MySortedLinkList ...

  9. LeetCode 11. Container With Most Water (装最多水的容器)

    Given n non-negative integers a1, a2, ..., an, where each represents a point at coordinate (i, ai).  ...

  10. RestServer 2.0 正式版发布

    RestServer 2.0 正式版发布 使用许可&版权说明 在保持本软件完整的情况下可以将本软件用于任何商业用途. 本软件可以自由传播,但是请保持软件相关文件和说明文档完整. 未经许可不得将 ...