
Re: [linux_forensics] cached network connections question

  • Brad
    Message 1 of 10, Feb 19, 2012
      last note;
      I use Gentoo and when I did the installation, the environmental variable path never made it to env, so after installation I tried the 'quick trick' bulk_extractor --help to just test the command line. Nothing happened so I went on a 2 hr journey to find the default path (not that I was looking for a path, wasn't sure what I was looking for, it just didn't work).
      When I found the solution I wanted to slap myself twice for being a doh-doh. Yet 2 or 3 lines in the README would have saved me a lot of time.

      Your software is running strong and STILL dumping out all kinds of needed info. THANK YOU AGAIN!

      Brad



      ________________________________
      From: Simson Garfinkel <simsong@...>
      To: linux_forensics@yahoogroups.com; Brad <bcddd214@...>
      Sent: Sunday, February 19, 2012 6:15 AM
      Subject: Re: [linux_forensics] cached network connections question


      On Feb 19, 2012, at 6:07 AM, Brad wrote:

      > Tentative review on bulk_extractor.
      > The manual is in some encrypted format and if it were not for backtrack documentation I would still be 'the monkey with a lightbulb'.
      >

      Can you please be a bit more clear? What do you mean by the manual? What do you mean "encrypted format?"


      > bulk_extractor without the path is useless and I had to comb the README for the default installation path.
      >

      I'm sorry that you did not find the usage statement to be useful. Can you please recommend a way that it could be modified to be useful to you?


      > But once I fired her up (with the -e net and -e wordlist option), even though it says 2 days to scan, this software is doing all of the work.
      >
      Which version are you using? In version 1.2 the -e option is enabled by default.


      >
      > I can tail the output files and watch them being populated with all kinds of valuable info.
      > Thank you Mr. Garfinkel, whoever wrote this is a genius!
      > This is EXACTLY what I needed and more.  :)
      >
      > Respectfully,
      > Brad
      >
      > ________________________________
      > From: Simson Garfinkel <simsong@...>
      > To: linux_forensics@yahoogroups.com; Brad <bcddd214@...>
      > Sent: Saturday, February 18, 2012 6:58 PM
      > Subject: Re: [linux_forensics] cached network connections question
      >
      > bulk_extractor version 1.2 will find evidence of network connections and report them. It will also carve IP packets into pcap files. Give it a try and please post your results!
      >
      > On Feb 18, 2012, at 6:11 PM, Brad wrote:
      >
      > > I was curious if there were any techniques in recovering cached network connections.
      > > I cannot find anything significant on the web.
      > >
      > > Regards,
      > > Brad
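As an added example (not bulk_extractor's own code, and not part of this thread), here is what a practitioner would do with the output Simson describes above: the net scanner reports its findings as plain tab-separated feature files next to the carved packets.pcap, which is why they can be tailed while the run is still in progress. The script below parses such a file and folds the per-packet records into bidirectional conversations. The column layout (offset, feature, context), the file name tcp.txt and the "src:port -> dst:port (TCP)" feature text are assumptions about the format; check them against your own output directory, since names and feature text vary between releases. The sample input is constructed.

```python
"""Summarise network-connection evidence from bulk_extractor feature files.

Added example, not bulk_extractor's own code.  Assumptions (check them
against your own output directory, since names and feature text vary
by release):
  * a feature file is plain text: '#' comment lines, then one record
    per line laid out as  <offset>\\t<feature>\\t<context>
  * the net scanner's TCP records read like
        "10.0.0.5:51234 -> 93.184.216.34:443 (TCP)"
The sample below is constructed for the demo, not real carved data.
"""
import re
from collections import Counter

# Constructed stand-in for a tcp.txt produced by `bulk_extractor -e net -o outdir image.raw`.
SAMPLE_TCP_TXT = """\
# BANNER FILE NOT PROVIDED (-b option)
# BULK_EXTRACTOR-Version: 1.2.0
# Feature-Recorder: tcp
# Filename: /evidence/disk.raw
10485760\t10.0.0.5:51234 -> 93.184.216.34:443 (TCP)\tE\\x00\\x00(\\x12\\x34@\\x00
10486272\t10.0.0.5:51234 -> 93.184.216.34:443 (TCP)\tE\\x00\\x00(\\x12\\x35@\\x00
20971520\t93.184.216.34:443 -> 10.0.0.5:51234 (TCP)\tE\\x00\\x00(\\x7a\\x01@\\x00
31457280\t10.0.0.5:49152 -> 198.51.100.7:22 (TCP)\tE\\x00\\x00(\\x00\\x01@\\x00
this line has no tab separators and must be ignored
"""

# Feature text pattern (assumed form; adjust if your release prints it differently).
FEATURE_RE = re.compile(
    r"^(?P<src>[^\s:]+):(?P<sport>\d+) -> (?P<dst>[^\s:]+):(?P<dport>\d+) \((?P<proto>\w+)\)$"
)


def parse_feature_file(text):
    """Yield (offset, feature, context) records, skipping comments and malformed lines.

    The offset is kept as a string because bulk_extractor can emit a
    forensic path (e.g. "12345-GZIP-0") rather than a bare integer.
    """
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) < 2:
            continue
        context = parts[2] if len(parts) > 2 else ""
        yield parts[0], parts[1], context


def packets(text):
    """Count directed packets: (src, sport, dst, dport, proto) -> occurrences."""
    counts = Counter()
    for _offset, feature, _context in parse_feature_file(text):
        m = FEATURE_RE.match(feature)
        if m is None:
            continue  # ignore records that do not look like a TCP endpoint pair
        counts[(m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["proto"])] += 1
    return counts


def conversations(text):
    """Fold both directions of a flow into one conversation.

    Key is (proto, endpoint_a, endpoint_b) with the endpoints sorted so
    that client->server and server->client packets land in the same bucket.
    """
    conv = Counter()
    for (src, sport, dst, dport, proto), n in packets(text).items():
        a, b = sorted([(src, sport), (dst, dport)])
        conv[(proto, a, b)] += n
    return conv


def report(text):
    """Return human-readable lines, busiest conversation first."""
    lines = []
    for (proto, (ha, pa), (hb, pb)), n in sorted(
        conversations(text).items(), key=lambda kv: (-kv[1], kv[0])
    ):
        lines.append(f"{proto} {ha}:{pa} <-> {hb}:{pb}  packets={n}")
    return lines


if __name__ == "__main__":
    # Real use: read the file from the -o output directory, e.g. open("outdir/tcp.txt").read()
    for line in report(SAMPLE_TCP_TXT):
        print(line)
```

The parser deliberately keeps the offset as text and tolerates a missing context column, so the same function works on ip.txt or ether.txt; only the regular expression is specific to the TCP record shape, and a record that does not match is skipped rather than raising.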
    • Simson Garfinkel
      Message 2 of 10, Feb 19, 2012
        On Feb 19, 2012, at 9:22 AM, Brad wrote:

        > last note;
        > I use Gentoo and when I did the installation, the environmental variable path never made it to env, so after installation I tried the 'quick trick' bulk_extractor --help to just test the command line. Nothing happened so I went on a 2 hr journey to find the default path (not that I was looking for a path, wasn't sure what I was looking for, it just didn't work).
        >

        That's not the fault of bulk_extractor. It's a standard tool and gets installed in the standard location as specified by the configure script.


        > When I found the solution I wanted to slap myself twice for being a doh-doh. Yet 2 or 3 lines in the README would have saved me a lot of time.
        >
        > Your software is running strong and STILL dumping out all kinds of needed info. THANK YOU AGAIN!
        >
        > Brad
      • Brad
        Message 3 of 10, Feb 19, 2012
          Understood, Gentoo is still slightly exotic... but not really.
          :)



          ________________________________
          From: Simson Garfinkel <simsong@...>
          To: linux_forensics@yahoogroups.com
          Sent: Sunday, February 19, 2012 9:27 AM
          Subject: Re: [linux_forensics] cached network connections question


          On Feb 19, 2012, at 9:22 AM, Brad wrote:

          > last note;
          > I use Gentoo and when I did the installation, the environmental variable path never made it to env, so after installation I tried the 'quick trick' bulk_extractor --help to just test the command line. Nothing happened so I went on a 2 hr journey to find the default path (not that I was looking for a path, wasn't sure what I was looking for, it just didn't work).
          >

          That's not the fault of bulk_extractor.  It's a standard tool and gets installed in the standard location as specified by the configure script.


          > When I found the solution I wanted to slap myself twice for being a doh-doh. Yet 2 or 3 lines in the README would have saved me a lot of time.
          >
          > Your software is running strong and STILL dumping out all kinds of needed info. THANK YOU AGAIN!
          >
          > Brad