My friend May she found a strange file called "bkp.old" as below in the evidence files. She decided to use forensic tools to take a look at it and figure it out what's going on.

FTK said that it's an unknown file. But May was not satistify with this answer.

May used EnCase to conduct a file signature analysis on this evidence. Guess what? The signature analysis result was "Match". The file type was "Old Configuration Settings (ASCII)". May refused to believe it. That's too ridiculous!!!

May took a look at it's file header and compared with "File Type Signature Search.txt" . That's it. It's a Symantec Ghost Image file.

The suspect changed its ext name and bkp.gho became bkp.old. But to May's surprise forensic tools could not recognize this file correctly~ I taught May how to verify the file signature of a file. The verify result is as below.

Also I taught May how to mount a gho file and see what's inside this gho file. She did find some important files in this gho file and she exported those files to take a further examination.

File signature analysis fails to recognize .old file的更多相关文章

  1. File signature analysis failed to recognize .old file

    My friend May she found a strange file called "bkp.old" as below in the evidence files. Sh ...

  2. Natas Wargame Level 13 Writeup(文件上传漏洞,篡改file signature,Exif)

    aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAqMAAADDCAYAAAC29BgbAAAABHNCSVQICAgIfAhkiAAAIABJREFUeF

  3. linux C file format analysis

    c语言文件格式 source file file.c C source, ASCII text pretreatment 预处理文件 file.i C source, ASCII text assem ...

  4. Azure File Storage 基本用法 -- Azure Storage 之 File

    Azure Storage 是微软 Azure 云提供的云端存储解决方案,当前支持的存储类型有 Blob.Queue.File 和 Table. 笔者在<Azure Blob Storage 基 ...

  5. Solved Unable to copy the source file ./installer/services.sh to the destination file /etc/vmware-t

    Sometimes when you intall vmwaretools there will be some problems such as "Unable to copy the s ...

  6. 【ZBar】ios错误ignoring file xxx missing required architecture x86_64 in file

    解决方法: 1.在Project target里"Architectures"设置为:Standard (armv7,armv7s)或者  Standard (armv7,arm6 ...

  7. linux,安装软件报错cannot create regular file '/usr/local/man/man1': No such file or directory

    make install时报错,如下 install: cannot create regular file '/usr/local/man/man1': No such file or direct ...

  8. mac 启动php-fpm报错 failed to open configuration file '/private/etc/php-fpm.conf': No such file or direc

    直接运行,有报错找不到配置文件. $ php-fpm [11-Jan-2014 16:03:03] ERROR: failed to open configuration file '/private ...

  9. 解决Warning: unlink(/storage/cache/cache.catalog.language.1556158719): No such file or directory in /system/library/cache/file.php on line 68问题

    ytkah在调试opencart项目时提示Warning: unlink(/storage/cache/cache.catalog.language.1556158719): No such file ...

随机推荐

  1. 新手怎么学JS?JavaScript基础入门

    新手应该怎么学习JS?JavaScript入门 - 01 准备工作 在正式的学习JavaScript之前,我们先来学习一些小工具,帮助我们更好的学习和理解后面的内容. js代码位置 首先是如何编写Ja ...

  2. 【工具】读取proprtties工具类

    获取properties内容: 基本的使用看网络上大多是这样的,使用时注意线程安全以及读写的实时性问题. 1.直接通过流读取(反射): InputStream inStream =  this.get ...

  3. SSM(三)Mybatis动态SQL

    1.查询语句,where: <resultMap id="xxx" type="xx..Student" autoMapping="false& ...

  4. 如何安装xenserver

    xenserver安装 选择键盘 是否同意协议 清理磁盘 选择本地磁盘安装 选择本地镜像文件 输入管理密码 配置IP地址 配置DNS服务器地址 选择地点 配置NTP服务器地址 开始安装 安装完成

  5. 从零开始一起学习SALM-ICP原理及应用

    点"计算机视觉life"关注,星标更快接收干货! ## 小白:师兄,最近忙什么呢,都见不到你人影,我们的课也好久没更新了呢 师兄:抱歉,抱歉,最近忙于俗事.我后面一起补上,学习劲头 ...

  6. 在django中用MySQL为数据库 新建一个项目的流程

    创建mysql数据库 在cmd输入 mysql -uroot -p 启动mysql客户端并连接服务器 创建一个db_orm的数据库 mysql>CREATE DATABASE db_orm ch ...

  7. c++复杂桶排序Java版

    c++复杂桶排序Java版 题目和我的前几个排序一样 这次是Java版的 代码 + 注释 package com.vdian.qatest.supertagbiz.test.niu; /** * Cr ...

  8. Java面试题 equals()与"=="的区别?

    面试官:请问 equals() 和 "==" 有什么区别? 应聘者: equals()方法用来比较的是两个对象的内容是否相等,由于所有的类都是继承自java.lang.Object ...

  9. MySQL Explain查看执行计划

    这篇博客写的还是蛮全的 http://www.cnblogs.com/songwenjie/p/9409852.html 在执行SQL的时候,经常有些SQL未正确使用到索引,导致程序变慢,通过使用ex ...

  10. Code Review最佳实践

    我一直认为Code Review(代码审查)是软件开发中的最佳实践之一,可以有效提高整体代码质量,及时发现代码中可能存在的问题.包括像Google.微软这些公司,Code Review都是基本要求,代 ...