Chapter 14 Memory and incident response system commands

DOI: 10.1201/9781003134817-14

Rekall (http://www.rekall-forensic.com/home) is a forensic and incident response framework. It began as a pure memory-forensics tool but has since expanded beyond memory analysis.

File headers (magic numbers) can be used to identify a file's type by examining its first 4 or 5 bytes, shown here as a hexadecimal string:

grep and egrep (equivalent to grep -E, extended regular expressions) can be used to extract information from text files.

Example: grep <keyword> <filename>

Example: grep "Bruce Middleton" phonebook

Example: egrep "Middleton|Hughes" phonebook

(Use straight quotes, and put no spaces around the | alternation operator: "Middleton | Hughes" would match the strings "Middleton " and " Hughes", spaces included.)
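The following script is an added example, not the book's own material, that exercises both points above: the grep and egrep searches against a constructed phonebook file, and reading the first bytes of a file as a hex string for header-based identification. The phonebook entries and the file carrying a PNG signature are constructed here for the demonstration; the helper names (make_phonebook, count_matches, count_alternation, header_hex, make_png_stub) are this example's own.

```shell
#!/bin/sh
# Added example (not from the book): a constructed phonebook, the grep/egrep
# searches from the text, and a magic-number check on a file header.

# Write a constructed sample phonebook to the path given in $1.
make_phonebook() {
  cat > "$1" <<'EOF'
Bruce Middleton,555-0101
Alice Hughes,555-0102
Carol Smith,555-0103
Dan Middleton,555-0104
EOF
}

# grep <keyword> <filename>: count lines containing the literal pattern.
# "--" stops option parsing so a pattern beginning with "-" is not read as a flag.
count_matches() {          # $1 = pattern, $2 = file
  grep -c -- "$1" "$2"
}

# egrep "A|B" equivalent: grep -E alternation. No spaces around '|',
# otherwise "Middleton " and " Hughes" (with spaces) would be matched.
count_alternation() {      # $1 = file
  grep -E -c 'Middleton|Hughes' "$1"
}

# Print the first $2 bytes of file $1 as a lowercase hex string, which is
# what you compare against a table of known file signatures.
header_hex() {             # $1 = file, $2 = byte count
  head -c "$2" "$1" | od -An -tx1 | tr -d ' \n'
}

# Constructed test file: the 8-byte PNG signature (89 50 4e 47 0d 0a 1a 0a).
make_png_stub() {
  printf '\211PNG\r\n\032\n' > "$1"
}
```

Running `make_phonebook phonebook` and then `count_matches "Bruce Middleton" phonebook` returns 1, `count_alternation phonebook` returns 3 (two Middletons and one Hughes), and `header_hex img.png 4` on the stub returns 89504e47, the first four bytes of the PNG signature.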

Some useful flags to be used with grep / egrep are as follows:

Now let’s say we want to ...
