jaclaz wrote:
Joshsevo wrote:
I have not only exported the pagefile.sys but before that I also grep through it using the grep strings pagefile.sys | *IP address* > location/of/file/badstuff.txt
Sure , and on my first reply I explicitly pointed you to an article:
http://blog.roberthaist.com/2013/12/restoring-windows-cmd-sessions-from-pagefile-sys-2/
that says essentially:
INSTEAD of using grep/strings try using page_brute:
https://github.com/matonis/page_brute
as it gives BETTER(contextual) results, as this way you analyze/see more relevant 4096 bytes "chunks", i.e. single memory pages.
Carpenter's comparison :
Q. I cannot plant nails on a reinforced concrete beam, what I am doing wrong?
A. Besides obviously using hardened steel nails, you should use a relatively heavy hammer, few hard hits with a chunky hammer work better generally than many hits with a "light" one.
Q. I have not only used a common hammer, but also tried hitting the nail on the head many, many times with a rock, but still the stupid nail won't go in.
jaclaz
lol I like your analogy. Sorry I read your post and read about the tool and it sounds great. But I can't bring any new software in to my office. It's one of "those" places. The tool sounded nice and I will bring this up for sure in our next meeting. Once it gets approval then it can be brought in via another office and dropped onto the dirty network for use by the analysts.