https://www.forensicfocus.com/Forums/viewtopic/t=17943/


If locked with a simple PIN, try asking for the PIN. Otherwise you'll need the recovery key, which you'll probably have to ask for too.

If you have a RAM image you could try using Volatility to extract the FVEK (Full Volume Encryption Key). Use either https://github.com/elceef/bitlocker or https://github.com/tribalchicken/volatility-bitlocker

Then, using either https://github.com/libyal/libbde or https://github.com/Aorimn/dislocker, you should be able to unlock using the recovered FVEK.

Or you could try and brute force it? https://github.com/e-ago/bitcracker

If you are lucky the clear key may be available, in which case it should unlock automatically when emulated as a physical disk to Windows or by using https://github.com/libyal/libbde or https://github.com/Aorimn/dislocker

https://codebeautify.org/base64-decode


Best Base64 Decode online tool to decode base64 String, URL, File.


# Install Volatility 2 (Python 2) from source
$ sudo apt-get install git
$ git clone https://github.com/volatilityfoundation/volatility.git
$ cd volatility/
$ sudo python setup.py install
# yara is required by the yarascan plugin
$ sudo apt-get install yara
# Optional Python dependencies: distorm3 (disassembly), pycrypto (hashdump/lsadump),
# openpyxl (xlsx output), Pillow (screenshot plugin)
$ sudo apt-get install python-pip
$ sudo -H pip install --upgrade pip
$ sudo -H pip install distorm3 pycrypto openpyxl Pillow

https://medium.com/@zemelusa/first-steps-to-volatile-memory-analysis-dcbd4d2d56a1


First steps to volatile memory analysis

Forensic analysis of the Cridex malware, for beginners and people willing to understand the basics of forensic analysis.


https://github.com/volatilityfoundation/volatility/wiki/Mac


https://www.howtogeek.com/356942/how-to-view-the-system-log-on-a-mac/


How to View the System Log on a Mac

Your Mac keeps system logs, which can help diagnose and troubleshoot problems with macOS and your installed applications. These logs are stored as plain-text log files on your Mac’s system drive, and macOS also includes an app for viewing them.


https://github.com/volatilityfoundation/volatility/wiki/Mac-Command-Reference


https://github.com/volatilityfoundation/volatility/wiki/Volatility-Usage


https://www.reddit.com/r/Nexus6P/comments/3vtpb5/how_to_flash_update_images_without_wiping_data/?depth=2


How to flash update images without wiping data


https://www.sans.org/reading-room/whitepapers/detection/paper/34232


SANS Institute: Reading Room - Intrusion Detection


https://www.sans.org/reading-room/whitepapers/incident/paper/37920


SANS Institute: Reading Room - Incident Handling


https://www.first.org/resources/papers/conference2008/chuvakin-anton-slides.pdf
