Name : Divya Dipak Mali
Class : BE - computer
Roll No : 58
Subject : Cyber - Security Lab
Aim: Study of Forensics Tools in Kali Linux
1. Forensic image tools: ddrescue
It copies data from one file or block device (hard disc, cdrom, etc.) to another, trying to
rescue the good parts first in case of read errors.
The basic operation of ddrescue is fully automatic. That is, you don't have to wait for an
error, stop the program, restart it from a new position, etc.
If you use the mapfile feature of ddrescue, the data is rescued very efficiently (only the
needed blocks are read). Also, you can interrupt the rescue at any time and resume it later at
the same point. The mapfile is an essential part of ddrescue's effectiveness.
Like dd, dd_rescue copies data from one file or block device to another. You can specify file positions (called seek and skip in dd). There are several differences from dd:
dd_rescue does not provide character conversions.
You can tell dd_rescue to start from the end of a file and move backwards.
dd_rescue does not truncate the output file, unless asked to.
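The mapfile mentioned above is a plain text file, so it can be inspected directly to see how far a rescue has progressed before resuming it. The following is an added example, not from the lab report or from the ddrescue project, that parses a constructed mapfile (same layout as the real format: a comment header, one current-position line, then one line per block with position, size and status) and reports how many bytes are finished, bad, or still untried. The sample text, the status name tables and the function names are this example's own.

```python
# Added example (not from the lab report or the ddrescue project): a small
# parser for the GNU ddrescue mapfile format, which records which blocks of
# the source have been rescued, which are still untried and which are bad.
# The mapfile text below is constructed for illustration.
from collections import defaultdict

# Meaning of the status character of each block line in a mapfile.
BLOCK_STATUS = {
    "?": "non-tried",
    "*": "non-trimmed",
    "/": "non-scraped",
    "-": "bad-sector",
    "+": "finished",
}

# Meaning of the status character on the current-position line.
PHASE_STATUS = {
    "?": "copying non-tried blocks",
    "*": "trimming",
    "/": "scraping",
    "-": "retrying bad sectors",
    "F": "filling",
    "G": "generating",
    "+": "finished",
}

# Constructed sample: a 16 MiB source of which the first 9 MiB were copied,
# one 4 KiB sector failed, and the rest has not been tried yet.
SAMPLE_MAPFILE = """\
# Mapfile. Created by GNU ddrescue version 1.23
# Command line: ddrescue -n /dev/sdb disk.img disk.mapfile
# Start time:   2021-03-01 09:00:00
# Current time: 2021-03-01 09:12:31
# Copying non-tried blocks... Pass 1 (forwards)
# current_pos  current_status  current_pass
0x00900000     ?               1
#      pos        size  status
0x00000000  0x00400000  +
0x00400000  0x00001000  -
0x00401000  0x004FF000  +
0x00900000  0x00700000  ?
"""


def parse_mapfile(text):
    """Return (current_pos, current_status, blocks); blocks is a list of
    (pos, size, status) tuples with integer offsets and sizes."""
    current = None
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if current is None:
            # First data line: current position and phase (pass number optional).
            current = (int(fields[0], 0), fields[1])
            continue
        pos, size, status = int(fields[0], 0), int(fields[1], 0), fields[2]
        if status not in BLOCK_STATUS:
            raise ValueError("unknown block status %r" % status)
        blocks.append((pos, size, status))
    if current is None:
        raise ValueError("mapfile has no current-position line")
    return current[0], current[1], blocks


def summarize(text):
    """Byte totals per block status plus whether the rescue is still unfinished
    (ddrescue resumes from the mapfile whenever unfinished blocks remain)."""
    current_pos, phase, blocks = parse_mapfile(text)
    totals = defaultdict(int)
    expected = 0
    for pos, size, status in blocks:
        if pos != expected:
            # Block lines must be contiguous and in order; anything else is corrupt.
            raise ValueError("gap or overlap at offset 0x%x" % pos)
        totals[BLOCK_STATUS[status]] += size
        expected = pos + size
    unfinished = sum(v for k, v in totals.items() if k != "finished")
    return {
        "current_pos": current_pos,
        "phase": PHASE_STATUS.get(phase, "unknown"),
        "total_bytes": expected,
        "finished": totals["finished"],
        "bad_sector": totals["bad-sector"],
        "unfinished": unfinished,
        "resumable": unfinished > 0,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_MAPFILE).items():
        print("%-12s %s" % (key, value))
```

Running the script on a real mapfile (read from disk instead of SAMPLE_MAPFILE) tells you, before reconnecting a failing drive, whether the image already covers every readable block or whether another ddrescue pass will still try new areas.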
References:
1. https://www.linux.com/topic/desktop/gnu-ddrescue-best-damaged-drive-rescue/
2. https://www.tutorialspoint.com/kali_linux/kali_linux_forensics_tools.htm
3. https://www.gnu.org/software/ddrescue/manual/ddrescue_manual.html
4. https://www.tutorialspoint.com/kali_linux/index.html
2. PDF Forensics Tools: pdf-parser
pdf-parser is a tool that parses a PDF document to identify the fundamental elements used in
the analyzed pdf file.
Generally, this is used for PDF files that you suspect have a script embedded in them.
To analyze a malicious PDF, we can use another tool called pdf-parser. It will parse a PDF document to identify the fundamental elements used in the analyzed file.
Type the command “pdf-parser /root/Desktop/evil.pdf” without the quotes.
That will parse the entire PDF and list its objects.
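To show what "parsing the PDF and its objects" means in practice, here is an added example, not from the lab report or from the pdf-parser tool itself: a minimal scanner that walks the indirect objects of a PDF ("N G obj ... endobj"), collects the dictionary names each one uses, and reports which objects reference names that commonly warrant a closer look during triage (/JS, /JavaScript, /OpenAction, /Launch and so on). The PDF bytes, the list of names and the function names are this example's own; the sample contains only the dictionary keys, not any actual script.

```python
# Added example (not from the lab report or from pdf-parser): a minimal
# object scanner for PDF triage. The PDF below is constructed for
# illustration; its "stream" holds a placeholder string, not real content.
import re

# Matches one indirect object: "<num> <gen> obj" ... "endobj".
OBJECT_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
# Matches PDF name tokens such as /Type or /JavaScript.
NAME_RE = re.compile(rb"/([A-Za-z0-9#_.-]+)")

# Dictionary keys whose presence usually justifies opening the object
# with pdf-parser (the same kind of names pdfid counts).
SUSPICIOUS_NAMES = {"JS", "JavaScript", "OpenAction", "AA", "Launch",
                    "EmbeddedFile", "RichMedia", "XFA"}

SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>
endobj
4 0 obj
<< /Type /Action /S /JavaScript /JS 5 0 R >>
endobj
5 0 obj
<< /Length 23 >>
stream
(placeholder, not real)
endstream
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""


def parse_objects(data):
    """Yield (object number, generation, body bytes) for each indirect object."""
    for m in OBJECT_RE.finditer(data):
        yield int(m.group(1)), int(m.group(2)), m.group(3)


def object_names(body):
    """Name tokens (/Foo) used in an object body, decoded to str."""
    return [n.decode("ascii", "replace") for n in NAME_RE.findall(body)]


def triage(data):
    """Map each suspicious name to the object numbers that use it, and list
    the objects that carry a stream (where encoded content would live)."""
    hits = {}
    streams = []
    count = 0
    for num, gen, body in parse_objects(data):
        count += 1
        names = set(object_names(body))
        for n in sorted(names & SUSPICIOUS_NAMES):
            hits.setdefault(n, []).append(num)
        if b"stream" in body:
            streams.append(num)
    return {"suspicious": hits, "stream_objects": streams,
            "object_count": count}


if __name__ == "__main__":
    report = triage(SAMPLE_PDF)
    print("objects:", report["object_count"])
    for name, objs in sorted(report["suspicious"].items()):
        print("/%s referenced in object(s) %s" % (name, objs))
    print("objects with streams:", report["stream_objects"])
```

On the sample this reports that the catalog (object 1) has an /OpenAction pointing at object 4, that object 4 is a /JavaScript action whose /JS entry refers to object 5, and that object 5 is the only object with a stream. That chain (catalog, action, stream) is exactly the path you would then follow object by object with pdf-parser to see what the stream decodes to. Real files also use object streams and compressed filters, which this short scanner does not decode; pdf-parser handles those.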
References:
1. https://tools.kali.org/forensics/pdf-parser
2. https://www.tutorialspoint.com/kali_linux/index.html