信息安全资料第十八章计算机取证.docxVIP

下载本文档

0
0
约4.55千字
约 28页
2026-01-06 发布于浙江
举报

信息安全资料第十八章计算机取证.docx

????KaliLinux

????

The

Thequieteryoubecome?themoreyouareabletohear

???

Fanghong.yuan@163.com

???? ?????

??????

Forensicinvestigations

??????

–???????????

????

???Forensic??

–?????????????????

–???????????????????????????

?????????

????????

CSI?????

–???DNA???????

–????????????????

?????????/?????/????

–??????????????IoT?????????????

????

???????

–????????????????????????????

–??HASH????????

?????

–?????????????????????????????

–????????????????????

???????

–?????????????????????????????

????????????

????

?????????

–???????????????????????

–????CPU???I/O????????????????

–????????????????????????????????

–????????????????????

????

–??

????

???????

–?????????????

–????????????????

??????

??????????

????

???

–????metadata?????????????????????????

?????

–???????????????

–U?/??????????

???

–???????????????MBR?GPT?LVM?

????

??????????????????????????

???Kali?????????????

??dump??

–Dumpit?/wp-content/uploads/downloads/2011/07/DumpIt.zip

–???????????????????raw??

????

??????

volatilityimageinfo-fxp.raw #???????profile

volatilityhivelist-fXP.raw--profile=WinXPSP3x86 #?????

volatility-fXP.raw--profile=WinXPSP3x86hivedump-o0xe124f8a8

–#?????????????

volatility-fXP.raw--profile=WinXPSP3x86printkey-KSAM\Domains

\Account\Users\Names #????

volatility-fxp.raw--profile=WinXPSP3x86printkey-KSOFTWARE

\Microsoft\WindowsNT\CurrentVersion\Winlogon #???????

volatility-fXP.raw--profile=WinXPSP3x86userassist #????????????????????????

????

??????

volatility-fXP.raw--profile=WinXPSP3x86pslist #???????????

volatility-f7.raw--profile=Win7SP1x64memdump-p1456-Dtest #dump

????

strings1456.dmp1111.txt#?????greppassword/@

volatility

您可能关注的文档

文档评论（0）

1亿VIP精品文档

更多 >

信息安全资料第十八章计算机取证.docxVIP