My friend May she found a strange file called "bkp.old" as below in the evidence files. She decided to use forensic tools to take a look at it and figure it out what's going on.

FTK said that it's an unknown file. But May was not satistify with this answer.

May used EnCase to conduct a file signature analysis on this evidence. Guess what? The signature analysis result was "Match". The file type was "Old Configuration Settings (ASCII)". May refused to believe it. That's too ridiculous!!!

May took a look at it's file header and compared with "File Type Signature Search.txt" . That's it. It's a Symantec Ghost Image file.

The suspect changed its ext name and bkp.gho became bkp.old. But to May's surprise forensic tools could not recognize this file correctly~ I taught May how to verify the file signature of a file. The verify result is as below.

Also I taught May how to mount a gho file and see what's inside this gho file. She did find some important files in this gho file and she exported those files to take a further examination.

File signature analysis failed to recognize .old file的更多相关文章

  1. File signature analysis fails to recognize .old file

    My friend May she found a strange file called "bkp.old" as below in the evidence files. Sh ...

  2. JMeter学习-027-JMeter参数文件(脚本分发)路径问题:jmeter.threads.JMeterThread: Test failed! java.lang.IllegalArgumentException: File distributed.csv must exist and be readable解决方法

    前些天,在进行分布式参数化测试的时候,出现了如题所示的错误报错信息.此文,针对此做一个简略的重现及分析说明. JMX脚本线程组参数配置如下所示: 参数文件路径配置如下所示: 执行JMX脚本后,服务器对 ...

  3. ASM ClassReader failed to parse class file - probably due to a new Java class file version that isn't supported yet

    严重: Context initialization failedorg.springframework.beans.factory.BeanDefinitionStoreException: Fai ...

  4. vmware, failed to lock the file

    电脑死机,进不了桌面,实在不行就重启,但是在运行着虚拟机,重启后打开VMware虚拟机,提示failed to lock the file,进不去了,急阿,里面不少资料呢...问万能的Google,终 ...

  5. Xamarin 示例Standard Controls报错:xamarin Failed to compile interface file. See Build Output for details

    Standard Controls 示例下载地址: http://developer.xamarin.com/content/StandardControls/ Xamarin官网上的IOS示例“St ...

  6. Caused by: org.springframework.core.NestedIOException: ASM ClassReader failed to parse class file

    springframework.version  3.2.6.RELEASE jdk 1.8

  7. 移动MM failed to find resource file{mmiap.xml}

    原地址:http://blog.csdn.net/alking_sun/article/details/36175861 在进行移动MM集成的时候总是会遇到一个bug:  failed to find ...

  8. VM启动报错:Failed to lock the file

    http://www.cnblogs.com/kristain/articles/2491966.html Reason: Failed to lock the fileGoogle 了一下, 在網路 ...

  9. VM 启动时报错:Failed to lock the file

    http://www.cnblogs.com/kristain/articles/2491966.html Reason: Failed to lock the fileGoogle 了一下, 在網路 ...

随机推荐

  1. 用SqlCommandBuilder 实现批量更新

    一般是这样的,如果用设计器将SqlDataAdapter拖到页面中使用时,不会出现SqlDataAdapter.Update(ds)更新时出错情况,因为系统会自动生成SqlDataAdapter的属性 ...

  2. javascript-OOP基础详解

      前  言 S     N 今天给大家详解一下面向对象编程(简称OOP)基础,OOP 语言使我们有能力定义自己的对象和变量类型 .对象拥有属性和方法 . 所以今天就给大家详解对象和类 . 1-1简介 ...

  3. 浅谈前后端分离与实践 之 nodejs 中间层服务(二)

    一.背景 书接上文,浅谈前后端分离与实践(一) 我们用mock服务器搭建起来了自己的前端数据模拟服务,前后端开发过程中只需定义好接口规范,便可以相互进行各自的开发任务.联调的时候,按照之前定义的开发规 ...

  4. fio2.1.10--HOWTO

    1.0 Overview and history    ------------------------ fio was originally written to save me the hassl ...

  5. linux 投影仪

    注:文章转自http://goo.gl/aI9Ycd如果侵权,请原作者留言,立即删除 之前在 R219 做 C++ 演講的時候,發現 Ubuntu 沒有辦法使用 VGA 輸出,臨時改用 Windows ...

  6. Kafka 学习笔记-基本概念

    一.基本概念 Kafka是一个分布式的,可分区的,可复制的消息系统 Kafka以由一个或多个服务以集群的方式运行,服务叫broker producer,consuer通过kafka topic发布,预 ...

  7. C++流类库(11)

    C++的流类库由几个进行I/O操作的基础类和几个支持特定种类的源和目标的I/O操作的类组成. 流类库的基础类 ios类是isrream类和ostream类的虚基类,用来提供对流进行格式化I/O操作和错 ...

  8. java笔记3(动手动脑)

    1.以下代码为何无法通过编译?哪儿出错了? 原因:已有的Foo()是带一个int型参数的构造方法,不存在无参的构造方法Foo() "构造方法" 当创建一个对象时,它的构造方法会被自 ...

  9. LeetCode 202. Happy Number (快乐数字)

    Write an algorithm to determine if a number is "happy". A happy number is a number defined ...

  10. Leetcode题解(十七)

    48.Rotate Image 题目: 分析:题目意思很简单,就是将一个n*n的矩阵顺时针旋转90度. 这道题难度不大,按照旋转的过程走一遍即可.代码如下: class Solution { publ ...