[ale] ALE puzzler (or, BusyBox rocks)
Greg Freemyer
greg.freemyer at gmail.com
Thu Feb 26 11:05:58 EST 2009
>
> tar
> netcat
>
>
> tar cf - / | nc myServer myPort
>
> combined with the opposite on myServer
>
> nc -l -p myPort > embeddedFS.tar
>
> gave me the FS image I wanted. Similarly with /dev/mem, except
> using dd instead of tar. This was my first encounter with nc,
> and boy what a helpful thing it is!

Ahhh, I could make a forensic data collection expert out of you in no time. :)

FYI: nc is in our standard book of tricks, but having done data
collection for 5+yrs, I've never had to use it. Obviously I'm not
senior enough for those skills.

But seriously, I have book lerning. I can do the job. Trust me.

Greg
--
Greg Freemyer
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
First 99 Days Litigation White Paper -
http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf
The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
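
The tar-over-nc transfer from the quoted message, with a SHA-256 taken on each end so the stored image can be shown to match what the device sent. This is an added example, not part of the original thread; `send_tree`, `recv_image`, `verified_copy` and the file names are hypothetical, and it assumes `sha256sum`, `mkfifo` and `tee` exist on the device.

```shell
#!/bin/sh
# Added example. In the field the two halves run on different hosts:
#   device:  send_tree / sent.sha256 | nc myServer myPort
#   server:  nc -l -p myPort | recv_image embeddedFS.tar
# Keep sent.sha256 off the file system being imaged (e.g. on a tmpfs).

# Stream SRC as tar on stdout and write the SHA-256 of that exact
# byte stream to HASH_FILE. A FIFO lets one tar run feed both.
send_tree() {
    src=$1 hash_file=$2
    fifo_dir=$(mktemp -d) || return 1
    mkfifo "$fifo_dir/stream" || return 1
    sha256sum < "$fifo_dir/stream" | cut -d' ' -f1 > "$hash_file" &
    tar cf - -C "$src" . | tee "$fifo_dir/stream"
    wait                      # hash file is complete after this
    rm -rf "$fifo_dir"
}

# Store stdin as OUT, then print the SHA-256 of what actually arrived.
recv_image() {
    out=$1
    cat > "$out" || return 1
    sha256sum < "$out" | cut -d' ' -f1
}

# Constructed offline harness: a local pipe stands in for the nc pair.
# Returns 0 only when the sender and receiver hashes are identical.
verified_copy() {
    src=$1 out=$2
    sent_hash=$(mktemp) || return 1
    got=$(send_tree "$src" "$sent_hash" | recv_image "$out")
    sent=$(cat "$sent_hash")
    rm -f "$sent_hash"
    [ -n "$got" ] && [ "$got" = "$sent" ]
}
```

Hashing the stream rather than re-running tar matters on a live system, where a second pass over `/` would not produce the same bytes.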