Thursday, November 28, 2013

My first experience of digital forensics

Recently our company set up its own digital forensics team to collect evidence and analyze the sources and causes of information security incidents, and, for better or worse, I was one of its members.

Management commissioned a professional firm to develop the relevant procedures for our company and arranged nearly 150 hours of training. The curriculum covered forensic tools (EnCase Forensic), evidence collection tools (EnCase Forensic Portable, Helix Pro), open-source tools, interpretation of various kinds of evidence, methods of evidence analysis, and anti-forensics countermeasures. Executives believe that in order to defend, we must understand the methods of attack, so in addition to forensic knowledge we also studied hacking-technique analysis and penetration testing skills.

Collecting evidence at the scene is relatively simple; after all, the equipment at the scene can simply be seized and brought back. The hard part is the forensic work afterwards: finding real evidence in a pile of digital data is a bit like looking for a needle in a haystack, not to mention that a hacker (if there is one) capable of breaking into the internal systems is no ordinary person and would certainly cover their tracks. So can a few laymen with some forensic training really accomplish the task???

This is like the information security protection training I attended last year, the second time I had received such complete education and training. Although there was training, there was no practice environment, and much of it stayed on paper. Under Chapter 36 of Taiwan's Criminal Code, which covers computer crimes, casually "testing" someone else's computer can get you sued, and without hands-on practice to back it up, it is all forgotten after a while!

The digital forensics training is in the same situation: without refresher courses, it is forgotten within three months to half a year. How many forensic cases a year does management expect to have? Not to mention that we do this team's work on the side, and our regular jobs still have to be taken care of. As the business grows, forensic work will only get squeezed further into a sideline. Boss! Please don't expect us to produce great results!

My penetration testing operations (1) - the first day of defeat

I mentioned penetration testing before, so I took advantage of Sunday at home to give it a try.
Following the general penetration testing steps, the first step is information gathering. It turns out the two target sites are not public websites; their domain names are registered on the company's internal DNS server, so the first trick I was taught, gathering information via Whois, was blocked right away!
One site (call it System A for now) also restricts client IPs, and its entrance is a load balancer, so you cannot reach the real web server; trying from home does not work, alas! On top of that, the company has an IDS (Intrusion Detection System) and a WAF (web application firewall) installed, and for a beginner the defenses are just too tight! So in the second step, first contact, all my NMAP scans were dropped.
So the first day was a complete failure! I couldn't collect any useful information. But information that cannot be used is also a kind of information! At least I now know these methods are not feasible.
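To show why a port scan from a single address is so easy for an IDS to notice, here is an added example (not code from the original post, and not the author's company's IDS) of the kind of rule such a system applies: it reads connection-log lines and flags any source address that touches many distinct destination ports within a short time window. The log format and the sample lines are constructed for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the original post). One address probes
# twelve common ports within twelve seconds; a second address behaves like
# an ordinary web client hitting only ports 80 and 443.
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
SAMPLE_LOG = "\n".join(
    [f"2013-11-24 09:00:{i:02d} src=203.0.113.7 dst=192.0.2.10 dport={p}"
     for i, p in enumerate(SCAN_PORTS)]
    + [
        "2013-11-24 09:00:02 src=198.51.100.4 dst=192.0.2.10 dport=80",
        "2013-11-24 09:00:05 src=198.51.100.4 dst=192.0.2.10 dport=443",
        "2013-11-24 09:10:30 src=198.51.100.4 dst=192.0.2.10 dport=80",
    ]
)

# Assumed (constructed) line format: "<date> <time> src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(r"^(\S+ \S+) src=(\S+) dst=\S+ dport=(\d+)$")


def parse_line(line):
    """Return (timestamp, source_ip, dest_port) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return ts, m.group(2), int(m.group(3))


def detect_port_scans(log_text, threshold=10, window=timedelta(seconds=60)):
    """Flag sources that contact >= `threshold` distinct ports within `window`.

    Returns a dict {source_ip: max_distinct_ports_seen_in_any_window}.
    A sliding window per source keeps a count of how many events in the
    window refer to each port, so distinct ports = len(ports_in_window).
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ts, src, port = parsed
            events[src].append((ts, port))

    alerts = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        ports_in_window = defaultdict(int)  # port -> event count inside window
        best = 0
        for ts, port in evs:
            ports_in_window[port] += 1
            # Drop events that fell out of the window ending at `ts`.
            while ts - evs[start][0] > window:
                old_port = evs[start][1]
                ports_in_window[old_port] -= 1
                if ports_in_window[old_port] == 0:
                    del ports_in_window[old_port]
                start += 1
            best = max(best, len(ports_in_window))
        if best >= threshold:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, count in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {count} distinct ports within 60s")
```

Real intrusion detection systems also look at half-open connections, probe rate and known scanner fingerprints, but even this simple distinct-port rule is enough to explain why an unfiltered scan against a monitored site gets noticed and dropped almost immediately.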