FTP forensic

6 Posts
3 Users
0 Reactions
2,135 Views
(@bombone)
Trusted Member
Joined: 13 years ago
Posts: 62
Topic starter  

If someone wants to do forensics on a remote ? folder, which should be the right way?
Thanks


   
(@ultrain)
Active Member
Joined: 15 years ago
Posts: 16
 

If someone wants to do forensics on a remote ? folder, which should be the right way?
Thanks

1. You have the FTP server's root. Look up the transfer log.
2. You have a splitter that can capture either client packets or server packets, then analyse the packet data.
This way is underground, so bad guys may not realize that for a long time.

pasv mode (192,168,1,2,M,N)
port = M*256+N


   
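The PASV arithmetic from the post above, as an added example that is not part of the original thread: it reads FTP control-channel lines, converts each `227` reply or `PORT` command into the IP and port of the data connection (port = M*256+N), and pairs it with the transfer command that follows, so the matching data stream can be located in a capture. The sample lines and the `C:`/`S:` direction prefixes are constructed for illustration.

```python
import re

# Constructed control-channel lines, e.g. reassembled from a capture of TCP port 21.
# The "C:"/"S:" direction prefixes are this example's own convention (assumption).
SAMPLE_CONTROL = [
    "C: PASV",
    "S: 227 Entering Passive Mode (192,168,1,2,19,137)",
    "C: RETR report.doc",
    "C: PORT 10,0,0,5,200,10",
    "C: STOR notes.txt",
    "S: 227 Entering Passive Mode (192,168,1,2,300,1)",  # malformed: value > 255
]
SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
TRANSFER = ("RETR", "STOR", "APPE", "STOU", "LIST", "NLST")

def parse_endpoint(line):
    """Return (mode, ip, port) for a 227 reply or a PORT command, else None."""
    text = line.split(": ", 1)[-1]
    if text.startswith("227"):
        mode = "passive"   # server listens, client opens the data connection
    elif text.upper().startswith("PORT "):
        mode = "active"    # client listens, server opens the data connection
    else:
        return None
    m = SIX.search(text)
    nums = [int(x) for x in m.groups()] if m else []
    if not nums or any(n > 255 for n in nums):
        return None        # reject malformed tuples instead of guessing
    ip = ".".join(map(str, nums[:4]))
    return mode, ip, nums[4] * 256 + nums[5]   # port = M*256 + N

def data_channels(lines):
    """Pair each negotiated data endpoint with the next client transfer command."""
    pending, out = None, []
    for line in lines:
        ep = parse_endpoint(line)
        if ep:
            pending = ep
            continue
        parts = line.split(": ", 1)[-1].split(None, 1)
        if pending and line.startswith("C:") and parts and parts[0].upper() in TRANSFER:
            out.append({"mode": pending[0], "ip": pending[1], "port": pending[2],
                        "command": parts[0].upper(), "arg": parts[1] if len(parts) > 1 else ""})
            pending = None
    return out

if __name__ == "__main__":
    for ch in data_channels(SAMPLE_CONTROL):
        print(ch)
```

Each returned entry gives the address and port to filter on in the capture in order to extract the file that was transferred.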
(@bombone)
Trusted Member
Joined: 13 years ago
Posts: 62
Topic starter  

OK, many thanks. What you suggested to me is what I thought. And if the FTP server is in house?


   
(@ultrain)
Active Member
Joined: 15 years ago
Posts: 16
 

OK, many thanks. What you suggested to me is what I thought. And if the FTP server is in house?

I am afraid… a hacker may help you.
E.g. if the FTP server is set up by Serv-U, try Serv-U's 0day and exploit it.

In fact, "social engineering" will be more effective if you know the people closely.
E.g. intentionally "lose" your udisk (with virus) around him.


   
(@a-nham)
Eminent Member
Joined: 11 years ago
Posts: 32
 

So if the FTP is remote, then your analysis will probably be limited to the computer that you have access to (depends on the clearance/permission of your role). So like ultrain said, logs and other types of records (packet capture, timestamps, etc.) that are on the computer you are examining are usually quite safe (as in okay for you to examine).

An example being
http://www.forensickb.com/2008/09/parse-iis-ftp-logs.html

If the FTP is in house, you can try to request whoever has control over the FTP server for a copy of the files by the IPs/credentials of the logs you accessed from the computer (the ones we talked about on top), if you have such clearance as a forensics examiner.

If your job does require a bit more of the penetration testing mentality, I suggest you try to get permission from a higher-up before social engineering or vulnerability scanning. However, this all really depends on your current set of permissions and situations; think of it more as last last resort.

Here is a sample of what can be done to penetrate an FTP (properly implemented security systems are not so simple), but here may be a good starting point if penetration testing is your only option and you are not sure how secure the FTP service you are penetration testing is
http://resources.infosecinstitute.com/penetration-testing-of-an-ftp-service/


   
(@bombone)
Trusted Member
Joined: 13 years ago
Posts: 62
Topic starter  

OK, many thanks for all answers


   