Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CHAPTER 5 DIFFING. 2 What is Diffing? Practice of comparing two sets of data, before and after a changed has occurred Practice of comparing two sets.

Published byBertram Malone Modified over 8 years ago

Similar presentations

Presentation on theme: "1 CHAPTER 5 DIFFING. 2 What is Diffing? Practice of comparing two sets of data, before and after a changed has occurred Practice of comparing two sets."— Presentation transcript:

1 1 CHAPTER 5 DIFFING

2 2 What is Diffing? Practice of comparing two sets of data, before and after a changed has occurred Practice of comparing two sets of data, before and after a changed has occurred Purpose to determine what data to modify in the data file directly to cause the change behind the application’s back Purpose to determine what data to modify in the data file directly to cause the change behind the application’s back The two things could be files, Registry entries, memory contents, packets, e-mails etc The two things could be files, Registry entries, memory contents, packets, e-mails etc Here we’ll limit our discussion on files (including special files such as the Window Registry) Here we’ll limit our discussion on files (including special files such as the Window Registry) Can use this technique to cheat at games, recover passwords, bypass protection mechanism etc Can use this technique to cheat at games, recover passwords, bypass protection mechanism etc

3 3 Tools File Comparison Tools File Comparison Tools –Determine the differences between two files –FC »Included in DOS (later in Windows) –Diff »Originates on the UNIX platform »Has limited binary comparison capabilities, but useful primarily for text file comparison »Microsoft also includes this utility called Windiff in Windows NT and Windows98 resource kit

4 4 Tools Hex Editors Hex Editors –Make changes to a binary file –Direct access –Hackman »Free Windows-based »Features including searching, cutting, pasting, a hex calculator, a disassembler etc –[N] Curses Hexedit »Free program »Under GPL (GNU Public License) »Available for all UNIX version, DOS »Features, search, binary calculator (converter) etc

5 5 Tools Hex Editors Hex Editors –Hex Workshop »Commercial software from Breakpoint Software »$49.90 U.S, windows platform »30 days trial available »Features, arithmetic functions, base converter, calculator, checksum calculator etc

6 6 Tools File System Monitoring Tools File System Monitoring Tools –Work on a group of files such as partition, drive letter or directory –To determine which file, this tools make the process easier –Hardway »Copy all files then compare with modified files to identify which files have been changed –File attributes »Things like dates, times, size, permissions etc

7 7 Tools File System Monitoring Tools File System Monitoring Tools –Using the Archive Attribute »The FAT (File Allocation Table) file system include a file attribute called the archive bit »The purpose to determine when a file had been modified since the last backup –Checksums / Hashes »Central problem when viruses, trojans or rootkits modified the files »Use checksums or cryptographic hash algorithm

8 8 Problems Challenges to edit data files directly Challenges to edit data files directly Checksums / Hashes Checksums / Hashes –Checksum or hash being store with the files –Small value represent a block of data to compare old files and new files, if same proceed if not file corrupt Compression / Encryption Compression / Encryption –All files will show as changed

9 9 How to Secure Against Diffing No true security against this type of attack No true security against this type of attack Implement by encrypting the files using a variation of a real encryption algorithm Implement by encrypting the files using a variation of a real encryption algorithm Just to make it difficult Just to make it difficult

10 10 End Of Chapter 5

Download ppt "1 CHAPTER 5 DIFFING. 2 What is Diffing? Practice of comparing two sets of data, before and after a changed has occurred Practice of comparing two sets."

Similar presentations

Collaboration Model for Law Enforcement X-Ways Investigator (investigator version of X-Ways Forensics)

Collaboration Model for Law Enforcement X-Ways Investigator (investigator version of X-Ways Forensics)
Chapter 4 : File Systems What is a file system?

Chapter 4 : File Systems What is a file system?
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.

An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.

1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.
The FAT File System CSC 414. Objectives  Understand the structure and components of the FAT (12/16/32) File Systems  Understand what happens when a.

The FAT File System CSC 414. Objectives  Understand the structure and components of the FAT (12/16/32) File Systems  Understand what happens when a.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
File Management Systems

File Management Systems
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
Chapter 13 – File and Database Systems

Chapter 13 – File and Database Systems
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
Lecture 10: The FAT, VFAT, and NTFS Filesystems 6/17/2003 CSCE 590 Summer 2003.

Lecture 10: The FAT, VFAT, and NTFS Filesystems 6/17/2003 CSCE 590 Summer 2003.
Connecting with Computer Science, 2e

Connecting with Computer Science, 2e
1 Operating Systems Chapter 7-File-System File Concept Access Methods Directory Structure Protection File-System Structure Allocation Methods Free-Space.

1 Operating Systems Chapter 7-File-System File Concept Access Methods Directory Structure Protection File-System Structure Allocation Methods Free-Space.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.

Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.
Chapter 12 File Management Systems

Chapter 12 File Management Systems
Chapter 5 System Software.

Chapter 5 System Software.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.
1 DOS with Windows 3.1 and 3.11 Operating Environments n Designed to allow applications to have a graphical interface DOS runs in the background as the.

1 DOS with Windows 3.1 and 3.11 Operating Environments n Designed to allow applications to have a graphical interface DOS runs in the background as the.
Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.

Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.

Similar presentations

Ads by Google