hello there …
some one asked me this
he got a laptop for analysis from an org. to check if this laptop has been hacked or not his result after examination is Clean ( not hacked )
the org. want to send the laptop to another one that one is a gamer maybe he will inject a trojan to laptop to show that first person is inexperienced or liar for some aims …
so the question is is there anyway to compare 2 images to find the whole changes on the system aut with free tool ?
or i should do them manually buy getting snapshot from registry and dump the process by using dumpit.exe tool
thats all
???
up
up
the org. want to send the laptop to another one that one is a gamer maybe he will inject a trojan to laptop to show that first person is inexperienced or liar for some aims …
not sure I understand. why would someone want to add an exploit or malicious code to see if one existed on the original image?
the org. want to send the laptop to another one that one is a gamer maybe he will inject a trojan to laptop to show that first person is inexperienced or liar for some aims …
not sure I understand. why would someone want to add an exploit or malicious code to see if one existed on the original image?
the world is evil D
so any help for take an image and compare it with another image for the same hdd to find what is the differences between both ?
Do you care about internal file changes or just the fact that one file is different from another?
If it's the latter - this is a classic file hashing problem that pretty much any 4n6 tool can do.
OSForensics can
OSForensics can
compare two images for registry and file system differences. It will spit out a list of files that are new, deleted, changed, or has just had their meta data updated (e.g. dates or attributes)
thanks man it's working D