Posts

Showing posts from March, 2014

Forensic - File Recovery (Fire With Metasploit)

Hi guys, missed me? I think most of you were looking forward to my post =)). As I promised earlier this year, I will be discussing forensics a lot, so read my writing this time.

Equipment:
1. Metasploit

Note: make sure you have reached a Meterpreter session before this stage.

The next step is selecting the module "enum_drives". This module lists the physical drives and logical volumes:

msf > use post/windows/gather/forensics/enum_drives
msf post(enum_drives) > show options
msf post(enum_drives) > set SESSION 1
msf post(enum_drives) > run

As you can see, there are multiple logical volumes. I chose drive "E" for the test, using the module "recovery_files". This module lists deleted files on NTFS file systems and tries to recover them:

msf post(enum_drives) > use post/windows/gather/forensics/recovery_files
msf post(recovery_files) > show options
msf post(recovery_files) > set SESSION

Forensic - Data Hiding

This year I will most likely discuss many forensic topics. I know many people who have not been involved in the forensic world, and many who think forensics is difficult; I suggest you keep reading and learning a lot, so that what you think is hard becomes easy. As a start, I will discuss how to conceal a message in the slack space of a file.

Description: slack space is space that is not in use. Blocks are the fixed-size containers the file system uses to store data, and because data rarely fills those fixed storage locations exactly, slack space occurs naturally. In forensics, slack space is examined because it may contain important data.

Download the Bmap tools here.

Configuration: extract the archive:

tar -xzvf bmap-1.0.17.tar.gz
cp -r bmap-1.0.17 /opt/
cd /opt/bmap-1.0.17 ; ls

Then compile it using the command:

# make

After compiling, the bmap directory should appear as shown below.

How To: I created a file with the exten