CHAPTER 5 DIFFING

Presentation transcript:

1 CHAPTER 5 DIFFING

2 What is Diffing?
Practice of comparing two sets of data, before and after a change has occurred
Purpose: to determine what data to modify in the data file directly to cause the change behind the application's back
The two things could be files, Registry entries, memory contents, packets, etc.
Here we'll limit our discussion to files (including special files such as the Windows Registry)
Can use this technique to cheat at games, recover passwords, bypass protection mechanisms, etc.

3 Tools
File Comparison Tools
  – Determine the differences between two files
  – FC
    » Included in DOS (later in Windows)
  – Diff
    » Originates on the UNIX platform
    » Has limited binary comparison capabilities, but is useful primarily for text file comparison
    » Microsoft also includes this utility, called Windiff, in the Windows NT and Windows 98 resource kits

4 Tools
Hex Editors
  – Make changes to a binary file
  – Direct access
  – Hackman
    » Free, Windows-based
    » Features include searching, cutting, pasting, a hex calculator, a disassembler, etc.
  – [N] Curses Hexedit
    » Free program
    » Under GPL (GNU Public License)
    » Available for all UNIX versions and DOS
    » Features: search, binary calculator (converter), etc.

5 Tools
Hex Editors
  – Hex Workshop
    » Commercial software from Breakpoint Software
    » $49.90 U.S., Windows platform
    » 30-day trial available
    » Features: arithmetic functions, base converter, calculator, checksum calculator, etc.

6 Tools
File System Monitoring Tools
  – Work on a group of files, such as a partition, drive letter, or directory
  – These tools make it easier to determine which file has changed
  – The hard way
    » Copy all files, then compare them with the modified files to identify which files have been changed
  – File attributes
    » Things like dates, times, size, permissions, etc.

7 Tools
File System Monitoring Tools
  – Using the Archive Attribute
    » The FAT (File Allocation Table) file system includes a file attribute called the archive bit
    » Its purpose is to determine when a file has been modified since the last backup
  – Checksums / Hashes
    » A central problem is when viruses, trojans, or rootkits modify files
    » Use checksums or a cryptographic hash algorithm
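
The file system monitoring approach from the two slides above, as an added Python example that is not part of the original presentation: it snapshots a directory, snapshots it again after some changes, and shows why hashes catch a modification that the size and timestamp attributes miss. The directory contents and file names are constructed sample data.

```python
import hashlib, os, tempfile

def snapshot(root):
    """Map relative path -> (size, mtime_ns, sha256 hex) for each file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(full, root)] = (st.st_size, st.st_mtime_ns, digest)
    return snap

def compare(before, after):
    """'stealth' = content hash changed while size and mtime stayed the same."""
    report = {"added": [], "removed": [], "modified": [], "stealth": []}
    for path in sorted(set(before) | set(after)):
        if path not in before:
            report["added"].append(path)
        elif path not in after:
            report["removed"].append(path)
        elif before[path][2] != after[path][2]:
            same_attrs = before[path][:2] == after[path][:2]
            report["stealth" if same_attrs else "modified"].append(path)
    return report

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample tree: baseline, a set of changes, then the comparison."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "app.cfg", b"lives=3\n")
        write(root, "save.dat", b"gold=0100\n")
        write(root, "old.log", b"x\n")
        before = snapshot(root)
        write(root, "app.cfg", b"lives=99\n")      # size changes
        st = os.stat(os.path.join(root, "save.dat"))
        write(root, "save.dat", b"gold=9999\n")    # same size
        # Restore the original timestamps, as malware hiding a change might.
        os.utime(os.path.join(root, "save.dat"), ns=(st.st_atime_ns, st.st_mtime_ns))
        os.remove(os.path.join(root, "old.log"))
        write(root, "new.bin", b"\x00")
        return compare(before, snapshot(root))

if __name__ == "__main__":
    print(demo())
```
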

8 Problems
Challenges to editing data files directly
Checksums / Hashes
  – A checksum or hash is stored with the file
  – A small value represents a block of data and is used to compare the old and new files: if they match, proceed; if not, the file is corrupt
Compression / Encryption
  – All files will show as changed
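
The two obstacles on this slide, as an added Python example that is not part of the original presentation: a checksum stored with the data rejects a direct edit, and the same one-byte change touches more than one byte once the data is compressed. The record layout (payload plus CRC32 trailer) and the field names are assumptions made for illustration.

```python
import struct
import zlib

def seal(payload: bytes) -> bytes:
    """Constructed format: payload followed by a 4-byte big-endian CRC32 trailer."""
    return payload + struct.pack(">I", zlib.crc32(payload))

def verify(blob: bytes) -> bool:
    """Recompute the checksum over the payload, as a loading application would."""
    if len(blob) < 4:
        return False
    payload, (stored,) = blob[:-4], struct.unpack(">I", blob[-4:])
    return zlib.crc32(payload) == stored

def changed_offsets(a: bytes, b: bytes) -> list:
    """Offsets at which two byte strings differ; any length difference counts."""
    n = min(len(a), len(b))
    return [i for i in range(n) if a[i] != b[i]] + list(range(n, max(len(a), len(b))))

def demo() -> dict:
    before = b"player=alice;level=03;gold=0100;"   # constructed sample record
    after = before.replace(b"level=03", b"level=04")
    sealed = seal(before)
    # Payload edited in place, stored checksum left untouched.
    edited = sealed.replace(b"level=03", b"level=04")
    return {
        "intact_ok": verify(sealed),
        "edited_ok": verify(edited),
        "raw_changed": len(changed_offsets(before, after)),
        "compressed_changed": len(
            changed_offsets(zlib.compress(before), zlib.compress(after))
        ),
    }

if __name__ == "__main__":
    print(demo())
```
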

9 How to Secure Against Diffing
No true security against this type of attack
Implemented by encrypting the files using a variation of a real encryption algorithm
This just makes it more difficult

10 End Of Chapter 5