PC images compariso...
 
Notifications
Clear all

PC images comparison !! how to !

7 Posts
4 Users
0 Likes
197 Views
(@qassam22222)
Posts: 155
Estimable Member
Topic starter
 

hello there …
some one asked me this
he got a laptop for analysis from an org. to check if this laptop has been hacked or not his result after examination is Clean ( not hacked )
the org. want to send the laptop to another one that one is a gamer maybe he will inject a trojan to laptop to show that first person is inexperienced or liar for some aims …

so the question is is there anyway to compare 2 images to find the whole changes on the system aut with free tool ?
or i should do them manually buy getting snapshot from registry and dump the process by using dumpit.exe tool

thats all

 
Posted : 03/01/2017 4:11 pm
(@qassam22222)
Posts: 155
Estimable Member
Topic starter
 

???

up

up

 
Posted : 03/01/2017 9:44 pm
jpickens
(@jpickens)
Posts: 130
Estimable Member
 

the org. want to send the laptop to another one that one is a gamer maybe he will inject a trojan to laptop to show that first person is inexperienced or liar for some aims …

not sure I understand. why would someone want to add an exploit or malicious code to see if one existed on the original image?

 
Posted : 03/01/2017 9:55 pm
(@qassam22222)
Posts: 155
Estimable Member
Topic starter
 

the org. want to send the laptop to another one that one is a gamer maybe he will inject a trojan to laptop to show that first person is inexperienced or liar for some aims …

not sure I understand. why would someone want to add an exploit or malicious code to see if one existed on the original image?

the world is evil D
so any help for take an image and compare it with another image for the same hdd to find what is the differences between both ?

 
Posted : 03/01/2017 11:14 pm
pbobby
(@pbobby)
Posts: 239
Estimable Member
 

Do you care about internal file changes or just the fact that one file is different from another?

If it's the latter - this is a classic file hashing problem that pretty much any 4n6 tool can do.

 
Posted : 04/01/2017 1:08 am
Passmark
(@passmark)
Posts: 376
Reputable Member
 

OSForensics can compare two images for registry and file system differences. It will spit out a list of files that are new, deleted, changed, or has just had their meta data updated (e.g. dates or attributes)

 
Posted : 04/01/2017 3:44 am
(@qassam22222)
Posts: 155
Estimable Member
Topic starter
 

OSForensics can compare two images for registry and file system differences. It will spit out a list of files that are new, deleted, changed, or has just had their meta data updated (e.g. dates or attributes)

thanks man it's working D

 
Posted : 08/01/2017 11:42 am
Share: