
Urgent Reply requested and guideline needed

  • santoshmtl
    Message 1 of 1 , Nov 14, 2009
      Hello Friends,

      I am really new to the forensics field. I am doing a Master of Engineering in Information Systems Security. I like this IT security field.

      Since I am more interested in working in the digital forensics field, I have started reading digital forensics books. I bought two books: one is File System Forensic and the other is Real Digital Forensics.

      I started reading the "Real Digital Forensics" book yesterday and am trying to use its commands as they are given in the book. I am stuck on chapter one of this book due to a few issues, which I describe below.

      The name of that book's chapter one is Windows Live Response.

      According to that chapter, in a Windows live response we have to collect volatile and non-volatile data from the attacked system.

      My Experiment:-

      1- I have made a virtual network with Windows Server 2003 as a domain, Windows 2003 as a client, Windows XP as a client, and Windows XP
      2- On the Windows XP machine, which is used to collect the data and is known as the forensic system, and on the Windows Server 2003 machine, which is the domain, I installed the Netcat tool from http://www.securityfocus.com/tools/139 and unzipped it on each system
      3- Then I opened the command prompt on both systems and typed this command on the forensic system: "nc -v -l -p 2222 > command.txt"
      4- On the Windows server I typed this command: "command | nc 192.168.1.69 2222"

      As soon as I typed the above commands on each system, the command prompt of the forensic system showed that the connection was established. Then I went back to the attacked system, where I need to gather data such as the current time and date of the attacked system. I typed the date and time commands in the command prompt, but it does nothing; it does not even show anything on the forensic system…???


      Now my problem is that whatever command I type in the attacked system's command prompt, I get a copy of those commands in the forensic system's command.txt document, but not the outputs.

      I got this output in the forensic text file:

      Microsoft(R) Windows DOS
      (C)Copyright Microsoft Corp 1990-2001.

      C:\DOCUME~1\ADMINI~1.SER\DESKTOP\NC111NT>date

      C:\DOCUME~1\ADMINI~1.SER\DESKTOP\NC111NT>time

      I do not know where I am failing or what I have done wrong?

      I will be really thankful if someone helps me or guides me to collect the volatile and non-volatile data in a Windows live response.

      I hope to hear a positive reply, and thanks in advance for helping me and guiding me.
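
The collection flow from steps 3 and 4, as an added example that is not part of the original post or the book: a Python stand-in for the netcat listener and sender, run over loopback. It sends the output of one non-interactive command per connection and hashes what the listener stored; the function names, the ephemeral loopback port and the sample command are assumptions made for the demonstration.

```python
import hashlib
import socket
import subprocess
import sys
import threading


def receive_once(server, out_path):
    """Listener side: accept one connection, save every byte, return its SHA-256."""
    conn, _ = server.accept()
    digest = hashlib.sha256()
    with conn, open(out_path, "wb") as out:
        while chunk := conn.recv(4096):
            out.write(chunk)
            digest.update(chunk)
    return digest.hexdigest()


def send_command_output(argv, host, port):
    """Sender side: run one non-interactive command and stream its output."""
    proc = subprocess.run(argv, stdout=subprocess.PIPE,
                          stderr=subprocess.STDOUT, check=False)
    with socket.create_connection((host, port)) as sock:
        sock.sendall(proc.stdout)
    return proc.stdout


def collect(argv, out_path):
    """Loopback demo with both roles in one process; returns (sent_bytes, sha256)."""
    server = socket.socket()
    server.bind(("127.0.0.1", 0))  # constructed: ephemeral port, not 2222
    server.listen(1)
    port = server.getsockname()[1]
    result = {}
    listener = threading.Thread(
        target=lambda: result.update(sha=receive_once(server, out_path)))
    listener.start()
    sent = send_command_output(argv, "127.0.0.1", port)
    listener.join()
    server.close()
    return sent, result["sha"]


if __name__ == "__main__":
    # Constructed stand-in for a date/time query on the examined system.
    cmd = [sys.executable, "-c", "import time; print(time.ctime())"]
    sent, sha = collect(cmd, "command.txt")
    print(sent.decode().strip(), sha)
```

Each connection carries the complete output of one command, so the file on the listener side and its hash correspond to exactly one collection step.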