Hi all,
For a class, I need to develop a "scenario case" image and then do a write-up on what would be evidence and why. In much of the image I use various anti-forensic techniques, and in particular I have VMware Player running an OpenBSD SSH server. The "case" suggests the "suspect" is with an ISP that dynamically assigns an IP address, so they need to use a service that statically routes their IP.
My question is: I have configured a Netgear router to use the service and then port forward 22 to the SSH server image. Now I have configured a strong password for the web authentication and there isn't a console port to plug in. Saving a backup config and dumping it into a hex editor, I can see a lot of what could be potential corroborative evidence, but if the backup file didn't exist, how would you access the router? I assume you could brute force the HTTP auth or possibly port scan it to get some supporting evidence.
Basically I haven't found much on doing a forensic analysis on home routers or if it's even considered evidence, and was wondering if it's worthwhile to look into researching how to pull config files from flash.
Thanks for any ideas
deleted
Netgear RangeMax WPN824
Firmware Version V2.0.15_1.0.11
My only concern about using any type of exploit to gain access to a router is the possibility of corrupting the config file. Not sure if it would or not..? I have experience using various HTTP brute force utilities, but I'm more interested in whether anyone has actually seized a home router and used the config file as corroborative evidence or to possibly show innocence of a crime. Plus, what method of access they used to capture the config file.
Again this is for a class image so I already have the username/passwd 😉
Thanks for the response rkamens
deleted