Wednesday, April 27, 2016

VMWare in Kali

To run VMware on Kali, please follow the most recent instructions on the VMware website.

After installing VMware, the most recent issue I faced was the installation of VMware Tools and getting the local folders shared with the virtual machine.

This is extremely helpful, mainly when downloading documents: doing that from the virtual machine can be very slow, because the network card is in a loopback.

So I downloaded Autopsy 4.0.0 on my local machine and then shared the Downloads folder with the virtual machine, and it worked like a charm.

The other reason why I wanted to have Shared Folders enabled is that I can do the analysis from Autopsy, reading the files directly from the /mnt folder.

Some of the links are attached to link.

But the main issue I was facing was that Kali requires root permissions to run everything; therefore, to enable Shared Folders, you need to open the application as root as well.

To do that, run one of the following commands:

sudo vmware (the one I used for the dissertation)
or
sudo vmplayer

Checking version

To check the version, it is possible to run two commands:


Monday, April 25, 2016

Packaging tool

Kali does not come by default with a graphical user interface for managing packages.

Such an interface allows installing, removing, upgrading and downgrading single or multiple packages.

Therefore, when a .deb (or RPM) file is downloaded, double-clicking the file does not automatically install the package.

To get this sorted, it is necessary to install the package manager called Synaptic, using the following command:


Then:



Creating an image

To check whether the attached disk has been recognised by the OS, I run fdisk -l:


It is possible to see the attached disk under the name /dev/sdb. By running ls -lha I can see all the partitions on the same HDD:


Then I set the disk to read-only, so there is no possibility of causing any damage to the evidence:


Then I executed the command dcfldd:


The results are:
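As an added example (my own shell script, not the blog's commands or output), the following carries out the same acquire-and-verify workflow with standard tools: it copies the source block by block with dd using the same conv=noerror,sync options that dcfldd accepts, hashes source and image with sha256sum, and writes the hashes to a log in sha256sum -c format so the image can later be shown to match the original. The source here is a constructed 4096-byte file rather than /dev/sdb, so it runs without root; the comment at the top gives the real-device form, where blockdev --setro is the usual way to make the evidence disk read-only before imaging.

```shell
#!/bin/sh
# Added example, not the blog's own commands: acquire an image and prove it
# matches the source by hashing both. Real-device form (needs root):
#   blockdev --setro /dev/sdb          # evidence disk becomes read-only
#   dcfldd if=/dev/sdb of=evidence.dd bs=512 conv=noerror,sync \
#          hash=sha256 hashlog=evidence.hash
set -eu

# image_source SRC IMG: block-by-block copy. bs=512 because a disk is a whole
# number of 512-byte sectors, so conv=sync never pads the last block; noerror
# keeps reading past a bad sector instead of aborting the acquisition.
image_source() {
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null
}

# verify_image SRC IMG: hash both, write IMG.sha256 in "sha256sum -c" format
# for later re-verification, and print "match" or "MISMATCH".
verify_image() {
    src_hash=$(sha256sum "$1" | cut -d' ' -f1)
    img_hash=$(sha256sum "$2" | cut -d' ' -f1)
    printf '%s  %s\n%s  %s\n' "$src_hash" "$1" "$img_hash" "$2" > "$2.sha256"
    if [ "$src_hash" = "$img_hash" ]; then
        echo match
    else
        echo MISMATCH
    fi
}

# image_and_verify SRC IMG: the full workflow in one call.
image_and_verify() {
    image_source "$1" "$2"
    verify_image "$1" "$2"
}

# make_sample DIR: constructed 4096-byte "evidence" file standing in for /dev/sdb.
make_sample() {
    head -c 4096 /dev/urandom > "$1/evidence.bin"
    echo "$1/evidence.bin"
}

# Stand-alone run: prints "match" and leaves evidence.dd and evidence.dd.sha256
# in a temporary directory.
workdir=$(mktemp -d)
sample=$(make_sample "$workdir")
image_and_verify "$sample" "$workdir/evidence.dd"
```

Keep the .sha256 log with the image: running sha256sum -c on it later re-checks both files, which is what lets you show the image has not changed since acquisition.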



Computers

Computer 01
Computer 02
Computer 03
Computer 04
Computer 05
Computer 06
Computer 07
Computer 08
Computer 09
Computer 10

Other details about auctions can be found here:
Computer's auction

Accessing to Files on Android device

When trying to access an Android device, I use the method of mounting it via Files. However, when trying to access the symbolic link called /storage/emulated/0/DCIM/Camera, it does not appear there.

I went through several articles about this, and it is much simpler than what everyone is saying in the forums.

By default, Samsung devices use MTP (Media Transfer Protocol) instead of USB Mass Storage like any other USB drive. Therefore, when running the command lsusb, you will be able to see the device attached to the computer:



However, the command mount does not display the connected device as a USB drive (normally shown under /dev/sdaX); instead it shows as a gvfsd-fuse mount under /run/user/1000/gvfs:


Note: you need to click on the device in Files to mount it, or mount it manually via the command line, for the next steps. On the device you also need to acknowledge the USB connection using MTP.

The device should be mounted in the following way:
mtp://[usb:001,021]/.

Once the device is mounted, under the folder /run/user/1000/gvfs it is possible to see the host attached to it:


Under this I can then see the same folder called Phone that appears in Files.

However, after accessing the folder Phone and running ls -l, I still see the same folders that are shown in Files, and the real folder behind the symbolic link /storage/emulated/0/DCIM/Camera is still not there.

Therefore I run ls -la, and this in fact shows me the folder called DCIM, and in it the folder Camera can be found:


For safe removal of the device attached to the computer, unmount and eject it from Files, or use the command line.
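As an added example (my own shell, not the blog's commands), the helper below derives the mtp://[usb:BUS,DEV]/ address of the phone from lsusb output like the one shown above, and the directory name gvfs gives such a mount under /run/user/<uid>/gvfs. The lsusb lines are constructed (04e8:6860 is Samsung's MTP vendor:product ID), and the mtp:host=%5Busb%3A001%2C021%5D directory name is the URL-encoded form gvfs used for bus/device-addressed MTP mounts; the post shows the mtp:// address but not that directory name, so treat it as an assumption to check against your own /run/user/1000/gvfs listing.

```shell
#!/bin/sh
# Added example, not the blog's own commands.
set -eu

# mtp_uri_for ID  (reads lsusb output on stdin)
# Prints "mtp://[usb:BBB,DDD]/" for the device whose vendor:product ID equals
# ID. lsusb lines look like "Bus 001 Device 021: ID 04e8:6860 ...", so the bus
# is field 2 and the device number is the first three characters of field 4.
mtp_uri_for() {
    awk -v id="$1" '$6 == id { printf "mtp://[usb:%s,%s]/\n", $2, substr($4, 1, 3) }'
}

# gvfs_dir_for URI UID
# Assumption (see lead-in): gvfs names the FUSE directory after the URL-encoded
# host part of the mount, e.g. mtp://[usb:001,021]/ -> mtp:host=%5Busb%3A001%2C021%5D
gvfs_dir_for() {
    host=${1#mtp://}
    host=${host%/}
    enc=$(printf '%s' "$host" | sed -e 's/\[/%5B/g' -e 's/]/%5D/g' -e 's/:/%3A/g' -e 's/,/%2C/g')
    printf '/run/user/%s/gvfs/mtp:host=%s\n' "$2" "$enc"
}

# Constructed lsusb output (sample input, not captured from the post's machine):
# a hub plus a Samsung phone in MTP mode.
SAMPLE_LSUSB='Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 021: ID 04e8:6860 Samsung Electronics Co., Ltd Galaxy (MTP)'

# Stand-alone run: prints the mtp:// address and the gvfs directory for uid 1000.
# With a real phone, replace the sample with:  lsusb | mtp_uri_for 04e8:6860
uri=$(printf '%s\n' "$SAMPLE_LSUSB" | mtp_uri_for 04e8:6860)
echo "$uri"
gvfs_dir_for "$uri" 1000
```

Checking the vendor:product ID in lsusb before mounting is also a cheap way to confirm that the device you are about to read from is the one you expect, which matters when several USB devices are attached to the examination machine.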





Sunday, April 24, 2016

Logical volumes and mounting partitions

When attaching a storage device (flash drive, external hard disk, etc.) to a computer/operating system (OS), it is visible immediately. It is possible to check this physical presence by running fdisk -l.

However, attaching the device to the computer does not mean that I will be able to access it straight away. This is because the OS is not aware of the filesystem (or directory tree) being used on the attached device, so the OS does not know how to see the information there, or how to access/write it.

Therefore, it is necessary to mount this physical device by creating a logical access point, using the specific filesystem type that the device uses. As soon as this happens, the OS can immediately read and write information there.

In other words
Physical device -> Set Filesystem type -> Mount Logical access -> OS can read it!


For example, when attaching a USB drive to my computer and running fdisk -l, I can see that the physical device is detected and becomes physically available, as shown in the list below:


I will also be able to see the drive listed in Files as STORE N GO (the name of the device):

I can also see precisely all the physical associations I have in the system by running ls -l /dev/disk/by-id:


If I only want to list my USB devices, then I can run the command lsusb:

 


Now, if I try to access it (normally by simply doing cd /media/aviola/STORE\ N\ GO), the drive will appear as non-existent:


To make it accessible, I need to mount the device. I can simply right-click on STORE N GO in Files and then click the option Mount.

If I then run the command mount in the terminal, I will be able to see all the storage devices and their logical associations. I can see that /dev/sdb1 is now listed as /media/aviola/STORE N GO.

To unmount this drive again, I can use umount /media/aviola/S <double tab> to get the name completed (this is because the name contains spaces and a backslash is needed before each space).

The easier way to mount a storage device is by using Files, but what if I want more control over what I am doing, and use the command line for that?

I can use the command mount with some parameters to make the logical access to this device available.

First I have to create a mount point. Before, it was called STORE N GO under /media/aviola. I will now create something else in /media/external with the command:
sudo mkdir /media/external

Then, to attach the physical device to this mount point, I can use:
mount /dev/sdb1 /media/external

I did not select any parameter such as whether this device has a vfat or ntfs partition; I let the operating system decide that for me. By running mount I can see that the device was mounted correctly.
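As an added example (my own script, not the blog's commands), the following does the manual mount with the checks an examiner would add to the bare mount /dev/sdb1 /media/external above: it reads the filesystem type with blkid instead of letting mount guess, mounts with ro,noexec,nodev so nothing on the drive can be modified or executed, and then confirms the result by parsing /proc/mounts, where spaces in a mount point appear as \040 (the same reason the tab completion above needs backslashes). mount_readonly needs root and a real device, so it is only defined here; the parsing functions run on constructed /proc/mounts lines and work anywhere.

```shell
#!/bin/sh
# Added example, not the blog's own commands.
set -eu

# mount_readonly DEV MOUNTPOINT  (needs root and a real block device)
# blkid reports the filesystem type, so mount is told explicitly instead of
# guessing; ro,noexec,nodev keeps the evidence unmodified and unexecutable.
mount_readonly() {
    fstype=$(blkid -o value -s TYPE "$1")
    mkdir -p "$2"
    mount -t "$fstype" -o ro,noexec,nodev "$1" "$2"
}

# mount_point_of DEV  (reads /proc/mounts-format lines on stdin)
# Prints every mount point of DEV. /proc/mounts escapes spaces as \040, so
# printf %b turns them back into real spaces; read -r keeps the backslashes
# intact until then.
mount_point_of() {
    while IFS=' ' read -r dev mp _rest; do
        [ "$dev" = "$1" ] || continue
        printf '%b\n' "$mp"
    done
}

# mount_mode_of DEV MOUNTPOINT  (reads /proc/mounts-format lines on stdin)
# Prints "ro" or "rw" for the entry of DEV at MOUNTPOINT (given unescaped),
# or nothing if there is no such entry. Options are matched as a whole
# comma-separated word so "errors=remount-ro" does not count as "ro".
mount_mode_of() {
    esc=$(printf '%s' "$2" | sed 's/ /\\040/g')
    while IFS=' ' read -r dev mp _fstype opts _rest; do
        [ "$dev" = "$1" ] && [ "$mp" = "$esc" ] || continue
        case ",$opts," in
            *,ro,*) echo ro ;;
            *)      echo rw ;;
        esac
    done
}

# Constructed /proc/mounts lines (sample input, not captured from the post's
# machine): the drive as Files mounts it (rw, spaces escaped) and as
# mount_readonly would mount it.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sdb1 /media/aviola/STORE\040N\040GO vfat rw,nosuid,nodev,relatime,uid=1000,gid=1000 0 0
/dev/sdb1 /media/external vfat ro,noexec,nodev,relatime 0 0'

# Stand-alone run. On a live system use:  mount_mode_of /dev/sdb1 /media/external < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | mount_point_of /dev/sdb1
printf '%s\n' "$SAMPLE_MOUNTS" | mount_mode_of /dev/sdb1 /media/external
```

Letting the OS pick the filesystem, as the post does, is fine for a working drive; for evidence, the read-only options are the part worth never leaving out, and mount_mode_of < /proc/mounts is the quick check that they actually took effect.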


Please read the article called "Accessing to Files on Android device" for further information on accessing a USB connection using MTP.