My friend May she found a strange file called "bkp.old" as below in the evidence files. She decided to use forensic tools to take a look at it and figure it out what's going on.

FTK said that it's an unknown file. But May was not satistify with this answer.

May used EnCase to conduct a file signature analysis on this evidence. Guess what? The signature analysis result was "Match". The file type was "Old Configuration Settings (ASCII)". May refused to believe it. That's too ridiculous!!!

May took a look at it's file header and compared with "File Type Signature Search.txt" . That's it. It's a Symantec Ghost Image file.

The suspect changed its ext name and bkp.gho became bkp.old. But to May's surprise forensic tools could not recognize this file correctly~ I taught May how to verify the file signature of a file. The verify result is as below.

Also I taught May how to mount a gho file and see what's inside this gho file. She did find some important files in this gho file and she exported those files to take a further examination.

File signature analysis fails to recognize .old file的更多相关文章

  1. File signature analysis failed to recognize .old file

    My friend May she found a strange file called "bkp.old" as below in the evidence files. Sh ...

  2. Natas Wargame Level 13 Writeup(文件上传漏洞,篡改file signature,Exif)

    aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAqMAAADDCAYAAAC29BgbAAAABHNCSVQICAgIfAhkiAAAIABJREFUeF

  3. linux C file format analysis

    c语言文件格式 source file file.c C source, ASCII text pretreatment 预处理文件 file.i C source, ASCII text assem ...

  4. Azure File Storage 基本用法 -- Azure Storage 之 File

    Azure Storage 是微软 Azure 云提供的云端存储解决方案,当前支持的存储类型有 Blob.Queue.File 和 Table. 笔者在<Azure Blob Storage 基 ...

  5. Solved Unable to copy the source file ./installer/services.sh to the destination file /etc/vmware-t

    Sometimes when you intall vmwaretools there will be some problems such as "Unable to copy the s ...

  6. 【ZBar】ios错误ignoring file xxx missing required architecture x86_64 in file

    解决方法: 1.在Project target里"Architectures"设置为:Standard (armv7,armv7s)或者  Standard (armv7,arm6 ...

  7. linux,安装软件报错cannot create regular file '/usr/local/man/man1': No such file or directory

    make install时报错,如下 install: cannot create regular file '/usr/local/man/man1': No such file or direct ...

  8. mac 启动php-fpm报错 failed to open configuration file '/private/etc/php-fpm.conf': No such file or direc

    直接运行,有报错找不到配置文件. $ php-fpm [11-Jan-2014 16:03:03] ERROR: failed to open configuration file '/private ...

  9. 解决Warning: unlink(/storage/cache/cache.catalog.language.1556158719): No such file or directory in /system/library/cache/file.php on line 68问题

    ytkah在调试opencart项目时提示Warning: unlink(/storage/cache/cache.catalog.language.1556158719): No such file ...

随机推荐

  1. RocketMQ 可视化环境搭建和基础代码使用

    RocketMQ 是一款分布式消息中间件,最初是由阿里巴巴消息中间件团队研发并大规模应用于生产系统,满足线上海量消息堆积的需求, 在 2016 年底捐赠给 Apache 开源基金会成为孵化项目,经过不 ...

  2. java中更新文件时,指定原文件的编码格式,防止编码格式不对,造成乱码

    1.pom中添加引入cpdetector(一个可以自动检测文本编码格式的项目) //pom中添加引入cpdetector(一个可以自动检测文本编码格式的项目) <dependency> & ...

  3. 关于起点中文网的一个我自认为是BUG的BUG(花了我一毛三分钱才实验出来的)

    因为最近在学关于网页的东西,所以便有了每看一个网页,总得先看看这个网页的源码的习惯. 突然我就想到了,起点中文网在看小说的界面是不允许复制粘贴,甚至连点右键都不会有反应, 那么如果我查看源码,能否复制 ...

  4. 经典Java笔试面试题

    面向对象编程(OOP) Java是一个支持并发.基于类和面向对象的计算机编程语言.下面列出了面向对象软件开发的优点: 代码开发模块化,更易维护和修改. 代码复用. 增强代码的可靠性和灵活性. 增加代码 ...

  5. 给VS设置代码创建人的宏

    Sub AddFunComment() Dim DocSel As EnvDTE.TextSelection DocSel = DTE.ActiveDocument.Selection DocSel. ...

  6. node中websocket的使用

    web Socket和Socket.IO框架 http协议是无状态的,就是说客户端可以给服务器提交请求,但是服务器不能向客户端提交请求,但是我们实际项目中会要求客户和服务器双方是类似电话那种关系, 一 ...

  7. PATA 1011 World Cup Betting (20)

    1011. World Cup Betting (20) 时间限制 400 ms 内存限制 65536 kB 代码长度限制 16000 B 判题程序 Standard 作者 CHEN, Yue Wit ...

  8. Programming In Lua 第二章

    1,lua基本类型:nil,boolean,number,string,userdata,function,thread,table.可以用函数type获取变量的类型. 2,lua中的字符串可以用单引 ...

  9. 导入lxml找不到etree,报ImportError:DLL load failed:找不到指定的程序

    1.是pip install lxml后,安装好了lmx-3.8.0,然后执行sacpy的scrapy crawl jobbole命令报导入lxml的etree无法导入,找不到指定的程序 2.这是因为 ...

  10. Web自动化测试 二 ----- HTML

    HTML 一.结构 html> 与 </html> 之间的文本描述网页 <body> 与 </body> 之间的文本是可见的页面内容 <h1> 与 ...