Kali Linux - Forensics Tools p0f, Dumpzilla, DFF and More. These tools can identify the OS of a target host simply by examining captured packets

Kali Linux – Forensics Tools p0f, Dumpzilla, DFF and More




p0f

p0f is a tool that can identify the operating system of a target host simply by examining captured packets, even when the device in question is behind a packet-filtering firewall. p0f does not generate any additional network traffic, direct or indirect: no name lookups, no probes, no ARIN queries, nothing. In the hands of advanced users, p0f can also detect the presence of firewalls, the use of NAT, and the existence of load balancers.

Type `p0f -h` in the terminal to see how to use it; you will get the usage summary shown below.


It also lists the available network interfaces.


Then, type the following command: `p0f -i eth0 -p -o filename`.

Here the parameter `-i` is the interface name as shown above, `-p` puts the interface in promiscuous mode, and `-o` saves the fingerprinting output to a file.


Open a webpage with the address 192.168.1.2
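The file written with `-o` is what an analyst actually works from afterwards. The following is an added example, not part of the original article and not code from the p0f project: it parses the key=value log layout that p0f v3 writes (the sample lines below are constructed, and the exact field set is an assumption based on that layout), builds an inventory of which OS fingerprint each client address produced, and flags addresses that produced more than one, the classic hint of NAT or a shared address that the article mentions.

```python
"""Parse p0f v3 '-o' log lines and build an OS inventory (added example, constructed data)."""
import re

# Constructed sample in the p0f v3 log layout: "[timestamp] key=value|key=value|...".
# Assumption: real logs follow this layout; the values here are made up.
SAMPLE_LOG = """\
[2024/01/04 10:26:14] mod=syn|cli=192.168.1.2/49152|srv=192.168.1.10/80|subj=cli|os=Linux 3.x|dist=0|params=none|raw_sig=4:64+0:0:1460:mss*10,6:mss,sok,ts,nop,ws:df,id+:0
[2024/01/04 10:26:15] mod=http request|cli=192.168.1.2/49152|srv=192.168.1.10/80|subj=cli|app=Firefox 10.x or newer|lang=English|params=none|raw_sig=1:Host,User-Agent,Accept:Accept-Encoding:Firefox/
[2024/01/04 10:27:01] mod=syn|cli=192.168.1.2/49160|srv=192.168.1.10/80|subj=cli|os=Windows 7 or 8|dist=0|params=none|raw_sig=4:128+0:0:1460:8192,8:mss,nop,ws,nop,nop,sok:df,id+:0
[2024/01/04 10:27:05] mod=syn|cli=192.168.1.3/51000|srv=192.168.1.10/443|subj=cli|os=Linux 3.x|dist=1|params=none|raw_sig=4:64+0:0:1460:mss*10,6:mss,sok,ts,nop,ws:df,id+:0
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<body>.*)$")


def parse_line(line):
    """Turn one log line into a dict; returns None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    record = {"ts": m.group("ts")}
    for field in m.group("body").split("|"):
        # partition() splits on the first '=' only, so values may contain '='
        key, _, value = field.partition("=")
        record[key] = value
    return record


def parse_log(text):
    """Parse a whole log file's text into a list of records."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def os_by_client(records):
    """Map client IP -> set of OS labels seen in SYN fingerprints."""
    seen = {}
    for r in records:
        if r.get("mod") == "syn" and "os" in r:
            ip = r["cli"].split("/")[0]
            seen.setdefault(ip, set()).add(r["os"])
    return seen


def suspected_nat(records):
    """Addresses whose traffic carried more than one OS fingerprint: a hint that
    several machines sit behind one IP (NAT) rather than a single host."""
    return sorted(ip for ip, oses in os_by_client(records).items() if len(oses) > 1)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for ip, oses in sorted(os_by_client(recs).items()):
        print(ip, sorted(oses))
    print("suspected NAT:", suspected_nat(recs))
```

Run against a real capture by reading the `-o` file instead of `SAMPLE_LOG`; the `dist` field (hop distance) is a useful second signal, since a host claiming zero hops but showing mixed fingerprints is more suspicious than one several hops away.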



Dumpzilla


Dumpzilla is an application developed in Python 3.x whose purpose is to extract all forensically interesting information from Firefox, Iceweasel, and SeaMonkey browser profiles so that it can be analyzed.
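Most of what Dumpzilla pulls out lives in the profile's SQLite databases, and the browsing history in `places.sqlite` is the typical starting point. The following added example (not from the article and not Dumpzilla's own code) shows the underlying technique: join `moz_historyvisits` to `moz_places` and convert Firefox's PRTime timestamps (microseconds since the Unix epoch) to UTC. The database it queries is a constructed in-memory subset of the real schema, so it runs without a profile on disk; `open_places` shows how to open a real evidence file read-only.

```python
"""Extract Firefox history the way Dumpzilla does (added example, constructed DB)."""
import sqlite3
from datetime import datetime, timezone


def prtime_to_utc(microseconds):
    """Firefox stores visit_date as PRTime: microseconds since 1970-01-01 UTC."""
    return datetime.fromtimestamp(microseconds / 1_000_000, tz=timezone.utc)


def build_sample_db():
    """Constructed in-memory places.sqlite containing only the columns the
    history query needs (the real schema has many more)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE moz_places (
            id INTEGER PRIMARY KEY, url TEXT, title TEXT, visit_count INTEGER);
        CREATE TABLE moz_historyvisits (
            id INTEGER PRIMARY KEY, place_id INTEGER, visit_date INTEGER);
        INSERT INTO moz_places VALUES (1, 'http://192.168.1.2/', 'Intranet', 2);
        INSERT INTO moz_places VALUES (2, 'https://example.com/login', 'Login', 1);
        INSERT INTO moz_historyvisits VALUES (1, 1, 1704364000000000);
        INSERT INTO moz_historyvisits VALUES (2, 1, 1704364060000000);
        INSERT INTO moz_historyvisits VALUES (3, 2, 1704364120000000);
    """)
    return con


def open_places(path):
    """Open a real places.sqlite read-only via a URI so the evidence is never modified.
    Work on a copy anyway: Firefox keeps WAL/journal files next to the database."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def history(con):
    """Return (iso_timestamp_utc, url, title) tuples in visit order."""
    rows = con.execute("""
        SELECT v.visit_date, p.url, p.title
        FROM moz_historyvisits AS v
        JOIN moz_places AS p ON p.id = v.place_id
        ORDER BY v.visit_date
    """).fetchall()
    return [(prtime_to_utc(d).isoformat(), url, title) for d, url, title in rows]


if __name__ == "__main__":
    for when, url, title in history(build_sample_db()):
        print(when, url, title)
```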

ddrescue

It copies data from one file or block device (hard disc, cdrom, etc.) to another, trying to rescue the good parts first in case of read errors.

The basic operation of ddrescue is fully automatic. That is, you don’t have to wait for an error, stop the program, restart it from a new position, etc.


If you use the mapfile feature of ddrescue, the data is rescued very efficiently (only the needed blocks are read). Also, you can interrupt the rescue at any time and resume it later at the same point. The mapfile is an essential part of ddrescue’s effectiveness. Use it unless you know what you are doing.

The command line is:

ddrescue -v infilepath outfilepath mapfile

Parameter `-v` means verbose. `/dev/sdb` is the block device to be rescued. The .img file is the recovered image, and the mapfile records which blocks have already been read so the rescue can be interrupted and resumed.
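Because the mapfile is what makes a rescue resumable, it is worth being able to read it without ddrescue itself. The following added example (not from the article and not part of GNU ddrescue) parses the mapfile's text layout, with a constructed sample: comment lines start with `#`, the first data line is the current position and status, and every later line is `pos size status` in hex, where `+` means rescued, `-` bad sector, `?` non-tried, `*` non-trimmed and `/` non-scraped. It totals bytes per status and lists the bad ranges, which tells you how much of the image to trust before handing it to a tool like DFF.

```python
"""Summarize a GNU ddrescue mapfile (added example, constructed sample)."""

# Constructed mapfile for a 16 MiB device with one unreadable 512-byte sector.
SAMPLE_MAPFILE = """\
# Mapfile. Created by GNU ddrescue version 1.23
# Command line: ddrescue -v /dev/sdb rescued.img rescued.map
# Start time:   2024-01-04 10:30:00
# Current time: 2024-01-04 10:35:00
# Finished
# current_pos  current_status  current_pass
0x00000000     +               1
#      pos        size  status
0x00000000  0x00100000  +
0x00100000  0x00000200  -
0x00100200  0x00EFFE00  +
"""

STATUS_NAMES = {
    "?": "non-tried",
    "*": "non-trimmed",
    "/": "non-scraped",
    "-": "bad-sector",
    "+": "rescued",
}


def parse_mapfile(text):
    """Return (status_line, blocks): status_line is a dict with the current
    position and status; blocks is a list of (pos, size, status_char)."""
    status_line = None
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if status_line is None:
            # First data line: current_pos current_status [current_pass]
            status_line = {"current_pos": int(parts[0], 16), "current_status": parts[1]}
            continue
        pos, size, status = int(parts[0], 16), int(parts[1], 16), parts[2]
        if status not in STATUS_NAMES:
            raise ValueError(f"unknown block status {status!r} in line {line!r}")
        blocks.append((pos, size, status))
    return status_line, blocks


def summarize(blocks):
    """Bytes per block status, e.g. {'rescued': ..., 'bad-sector': ...}."""
    totals = {name: 0 for name in STATUS_NAMES.values()}
    for _, size, status in blocks:
        totals[STATUS_NAMES[status]] += size
    return totals


def rescued_percent(blocks):
    totals = summarize(blocks)
    total = sum(totals.values())
    return 100.0 * totals["rescued"] / total if total else 0.0


def bad_ranges(blocks):
    """(offset, length) of every range ddrescue gave up on."""
    return [(pos, size) for pos, size, status in blocks if status == "-"]


if __name__ == "__main__":
    status, blocks = parse_mapfile(SAMPLE_MAPFILE)
    print("finished:", status["current_status"] == "+")
    print(summarize(blocks))
    print(f"rescued: {rescued_percent(blocks):.3f}%")
    for off, length in bad_ranges(blocks):
        print(f"bad range at 0x{off:x}, {length} bytes")
```

A mapfile whose totals still show `non-tried` or `non-scraped` bytes is a rescue that was interrupted, not a finished image; rerun the same ddrescue command with the same mapfile and it will continue from where it stopped.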


DFF

It is another forensic tool used to recover the files. It has a GUI too. To open it, type “dff-gui” in the terminal and the following web GUI will open.


Click File → “Open Evidence”.


The following table will open. Check “Raw format” and click “+” to select the folder that you want to recover.


Then, you can browse the files in the left pane to see what has been recovered.

