Hi, if anyone has experience or knowledge with doing digital forensics on IP cameras and could have the time to help me out a bit I would appreciate it a lot!
Been working on an IP Camera for months now and I have finally managed to get shell access. After that I am looking at different directories and files. I have been going through a lot of them in the last couple of weeks but most of the files that I try to "cat" just give me a bunch of symbols coming down the terminal and does not stop.
I am mostly looking for stuff that could be useful for law enforcement in an investigation, like for example user logins, potentially stored images/videos, stuff in /var/log, etc.
So far in my research I have found nothing.
If you got any tips on what I should be looking for, where I should be looking and other tips please do not hesitate to give me a reply or send me a DM.
Thanks for any response in advance.
So you are trying to reverse engineer the IP camera? Nice challenge! There are several approaches you can make, and probably already have done yourself.
- figure out which type and model the IP cam is
- try to find the original documentation of this device, especially the technical docs
- search for online information about the device
- use the device, and capture the datastreams (wireshark) for further investigation
- do a portscan to see which ports are open
- which version of Linux is the device using?
- is there any storage capacity?
- what is saved and which formats?
- login portal for configuration, how is it built
- can it be updated? How?
Most cameras that I know of store data on a microSD card or send it to a Network Video Recorder. Now that you have access, pipe the data stream to an image file and start examining the contents for video headers.
Honestly, there are so many proprietary formats that most software that's capable of carving for video files doesn't know half of them. That is if video files even have digital headers to begin with.
If you can extract the data off the camera, you can attempt to use software like DME Forensics in an attempt to figure it out.
Best of luck,
John
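
A small header scan of the kind suggested in the reply above, as an added example that is not part of the original thread: it reports offsets of a few standard image/video signatures in a working copy of an acquired image. The function names and the `SAMPLE` bytes are constructed for illustration, and proprietary recorder formats will simply produce no hits.

```python
import mmap
import sys

def _ftyp_ok(d, s):
    # ISO BMFF: 'ftyp' box is size(4) type(4) brand(4) version(4) + 4*n brands.
    size = int.from_bytes(d[s:s + 4], "big")
    return 16 <= size <= 1024 and size % 4 == 0  # upper bound is a heuristic

def _sps_ok(d, s):
    # Byte after the start code is the NAL header: forbidden bit 0, type 7 (SPS).
    hdr = d[s + 4:s + 5]
    return len(hdr) == 1 and (hdr[0] & 0x80) == 0 and (hdr[0] & 0x1F) == 7

# (label, magic, offset of magic inside the object, extra validation)
SIGNATURES = [
    ("JPEG image", b"\xff\xd8\xff", 0, lambda d, s: True),
    ("MP4/MOV (ftyp box)", b"ftyp", 4, _ftyp_ok),
    ("AVI (RIFF)", b"RIFF", 0, lambda d, s: d[s + 8:s + 12] == b"AVI "),
    ("H.264 Annex B SPS", b"\x00\x00\x00\x01", 0, _sps_ok),
]

def scan(data):
    """Return sorted (offset, label) hits for every validated signature."""
    hits = []
    for label, magic, delta, valid in SIGNATURES:
        pos = data.find(magic)
        while pos != -1:
            start = pos - delta
            if start >= 0 and valid(data, start):
                hits.append((start, label))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

# Constructed sample standing in for an acquired image (not real camera data).
SAMPLE = (b"\x00" * 10 + b"\xff\xd8\xff\xe0junk"
          + (24).to_bytes(4, "big") + b"ftypisom" + b"\x00" * 12
          + b"RIFF\x10\x00\x00\x00AVI " + b"RIFFxxxxWAVE"
          + b"\x00\x00\x00\x01\x67\x42")

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a read-only working copy of the image
        with open(sys.argv[1], "rb") as f:
            data = mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ)
            for off, label in scan(data):
                print(f"0x{off:08x}  {label}")
    else:
        for off, label in scan(SAMPLE):
            print(f"0x{off:08x}  {label}")
```

Run it with the path to an image copy as the only argument; with no argument it scans the constructed sample. The RIFF entry with a `WAVE` form type in the sample is rejected on purpose, showing why each magic value is validated before being reported.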