Digital forensics on server (windows, ubuntu)

Ibernato
Member

Digital forensics on server (windows, ubuntu)

Posted: May 10, 19 10:48

Hi,
I'm doing a project where I talk about the forensic cloud in general and the difference between digital and cloud forensics. Now I should simulate a real case using a virtual machine on my computer (I know it's different from the forensic cloud). In particular I have to examine Windows Server or Ubuntu Server.
I don't know how to proceed. I was asked to examine the artifacts and whether there are any particular structures compared to the classic Windows.
Do you have suggestions? Which tools to use?
 
  

mrevoluter
Newbie

Re: Digital forensics on server (windows, ubuntu)

Posted: May 10, 19 13:42

Hi Ibernato,
1. You have asked a very different kind of question. If you are going to carry out the forensics of a server, be it Windows or Linux, the first thing you need to consider is the typical way its storage system is set up.
2. Most servers run on a RAID storage system. Though few forensic tools claim to be able to carry out static forensic imaging of a RAID system, I would recommend you go for logical imaging.
3. Use FTK Imager to carry out the forensic imaging of the system. This link www.hackingarticles.in...ers-guide/ would help you out.
4. Later you could carry on with your general digital forensics.
5. For cloud forensics there are various limitations, starting with getting permission from the cloud hoster.
6. Hope this is helpful.

Disclaimer: I don't know whether I can use links to other websites in this blog. If it is not permitted I will not repeat it.
 
  

keydet89
Senior Member

Re: Digital forensics on server (windows, ubuntu)

Posted: May 10, 19 22:06

- Ibernato
In particular I have to examine windows server or ubuntu server.

- Ibernato
I don't know how to proceed. I was asked to examine the artifacts and if there are any particular structures compared to the classic windows.

What do you consider "classic" Windows?

- Ibernato
Do you have suggestions? Which tools to use?

I'd start with picking a system...Windows or Ubuntu.

If the VM file is a *.vmdk, you can access this easily with FTK Imager, and view the file system.

From there, the tools you use would be predicated upon your analysis goals...what are you hoping to prove/disprove?
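Before handing a *.vmdk to FTK Imager it pays to read its plain-text descriptor, because a snapshot (delta) disk only holds changes since its parent and a split disk references several extent files. The parser below is an added example, not code from this thread or from FTK Imager; the descriptor text is constructed here and does not come from any real image.

```python
import re
from dataclasses import dataclass, field
from pathlib import Path

# Extent line: access, size in 512-byte sectors, extent type, file name.
EXTENT_RE = re.compile(r'^(RW|RDONLY|NOACCESS)\s+(\d+)\s+(\w+)\s+"([^"]+)"')
KV_RE = re.compile(r'^([\w.]+)\s*=\s*"?([^"]*)"?$')
KEYS = {"createType": "create_type", "parentCID": "parent_cid",
        "parentFileNameHint": "parent_hint"}

@dataclass
class Descriptor:
    create_type: str = ""
    parent_cid: str = "ffffffff"  # ffffffff means "no parent" in the VMDK format
    parent_hint: str = ""
    extents: list = field(default_factory=list)  # (access, sectors, type, file)

    def total_bytes(self) -> int:
        return 512 * sum(e[1] for e in self.extents)

    def is_delta(self) -> bool:
        # A delta (snapshot) disk holds only the changes made since its parent.
        return self.parent_cid.lower() != "ffffffff"

def parse_descriptor(text: str) -> Descriptor:
    d = Descriptor()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := EXTENT_RE.match(line):
            d.extents.append((m[1], int(m[2]), m[3], m[4]))
        elif (m := KV_RE.match(line)) and m[1] in KEYS:
            setattr(d, KEYS[m[1]], m[2])
    return d

def missing_extents(d: Descriptor, directory: str) -> list:
    """Extent files the descriptor references that are not beside it."""
    return [f for _, _, kind, f in d.extents
            if kind != "ZERO" and not (Path(directory) / f).is_file()]

# Constructed sample (not from any real image): a delta disk with two extents.
SAMPLE = """# Disk DescriptorFile
parentCID=11223344
parentFileNameHint="srv-base.vmdk"
createType="twoGbMaxExtentSparse"

RW 4192256 SPARSE "srv-000001-s001.vmdk"
RW 2048 SPARSE "srv-000001-s002.vmdk"
"""
```

If `is_delta()` is true, image the parent named in `parent_hint` (and its own parents) as well, otherwise the file system you view is the snapshot's partial view.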
 
  

Ibernato
Member

Re: Digital forensics on server (windows, ubuntu)

Posted: May 14, 19 08:13

- mrevoluter
Hi Ibernato,
1. You have asked a very different kind of question. If you are going to carry out the forensics of a server, be it Windows or Linux, the first thing you need to consider is the typical way its storage system is set up.
2. Most servers run on a RAID storage system. Though few forensic tools claim to be able to carry out static forensic imaging of a RAID system, I would recommend you go for logical imaging.
3. Use FTK Imager to carry out the forensic imaging of the system. This link www.hackingarticles.in...ers-guide/ would help you out.
4. Later you could carry on with your general digital forensics.
5. For cloud forensics there are various limitations, starting with getting permission from the cloud hoster.
6. Hope this is helpful.

Disclaimer: I don't know whether I can use links to other websites in this blog. If it is not permitted I will not repeat it.

Thanks

- keydet89
From there, the tools you use would be predicated upon your analysis goals...what are you hoping to prove/disprove?

I need to analyze a server: log files, whether there have been registry changes, whether there was a malware attack. In short, these things here.
 
  

trewmte
Senior Member

Re: Digital forensics on server (windows, ubuntu)

Posted: May 14, 19 10:09

Ibernato, what type of windows server might you be investigating?

Windows Nano Server?

Books worth reading (1-5), as they contain information about the research points mentioned in your posts.

1) Getting Started With Windows Nano Server

About This Book
The days of the local server are numbered, and this book will make you an ace by giving you the skills needed to administer Nano Server and survive in the brave new server world. Learn to quickly automate multiple VMs and support Hyper-V clusters, all through small footprints from a single host. Apply up-to-date, real-world examples presented in this book and improve the scalability and efficiency of large-scale VM deployments. This book opens up new potential for both developers and IT pros alike. The book is primarily for server administrators and IT professionals who would like to deploy and administer Nano Server within their organizations, and for developers who are trying to make maximal use of Server Containers and Hyper-V Containers with Nano Servers.


Nano Server is a new headless, 64-bit only, deployment option in Windows Server 2016 that has been optimized for data centers and for next-generation, distributed applications. Nano Server is the future of Windows Server; it is similar to Windows Server in Server Core mode, but significantly smaller, has no local logon capability, and only supports 64-bit applications, tools, and agents. It takes up far less disk space, sets up significantly faster, and requires far fewer updates and restarts much faster than Server with Desktop Experience.

2) Windows Server 2016 Hyper-V Cookbook
e.g. Collecting artifacts for forensic examination

3) Mastering Windows Server 2016

4) Identity with Windows Server 2016 Exam 70-742 Lab Manual

5) Windows Server 2016 Complete Study Guide Exam 70-740, 70-741, 70-742
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
  

keydet89
Senior Member

Re: Digital forensics on server (windows, ubuntu)

Posted: May 14, 19 12:00

- keydet89
From there, the tools you use would be predicated upon your analysis goals...what are you hoping to prove/disprove?

- Ibernato
I need to analyze a server. Log files, if there have been registry changes, if there was a malware attack. In short, these things here

Thanks, but that doesn't answer the question...analyze a server for _what_?

For your benefit, here is a means for framing your analysis goals...

What is the question you are trying to answer? What are you trying to prove/disprove?

Are you trying to determine if a "malware attack" took place? If that's the case, how would you go about doing so?
 
  

Ibernato
Member

Re: Digital forensics on server (windows, ubuntu)

Posted: May 14, 19 13:14

- keydet89
- keydet89
From there, the tools you use would be predicated upon your analysis goals...what are you hoping to prove/disprove?

- Ibernato
I need to analyze a server. Log files, if there have been registry changes, if there was a malware attack. In short, these things here

Thanks, but that doesn't answer the question...analyze a server for _what_?

For your benefit, here is a means for framing your analysis goals...

What is the question you are trying to answer? What are you trying to prove/disprove?

Are you trying to determine if a "malware attack" took place? If that's the case, how would you go about doing so?

This is a university project.
I was told to talk about the forensic cloud in general and to simulate a forensic analysis on a server (Windows or Linux): registry, logs, etc.
Do you understand?
Thanks.
 
