
Thread: Keylogger Hash use?


  1. #1
    Join Date
    Jun 2011
    Posts
    1

    Keylogger Hash use?

    I just found the product and WOW, I love this program!!

    I am testing things out and I saw the Hash sets, and the one that has the keyloggers in it.

    How do I mount a drive and then check it for keyloggers with this hash set?

    I have the drive mounted, and I have the Hash set made active, but that is it. I am not sure how you scan the mounted drive for keyloggers.

    Thanks for any help!!

  2. #2
    Join Date
    Jan 2003
    Location
    Sydney Australia
    Posts
    4,140


    You can look up a file in a hash set from, for example, the "File name search" function. You need to do a search first, but you can search for * to find all files.

    Right click on a file, or multiple files, and select lookup in hash set from the right click menu.

    For others reading this post, you can set the current hash set from the "Hash sets" window. You can download some example hash sets from this page:
    http://www.osforensics.com/download.html

    There are some example screen shots (captions shown below):

    Right click to check if multiple selected files are in current hash set
    Checking files to see if they are in the hash set
    Sort search results to group matches
    Check single file to see all matches for that file

  3. #3
    Join Date
    Sep 2011
    Location
    Nairobi, Kenya
    Posts
    1

    Hashing

    I am currently evaluating the Beta version of OSForensics and so far I'm impressed. I have the following queries:

    1. Is there a simpler way to distinguish between the grey and good hashsets results after hashing?

    2. The suspect machine I am using for testing has Symantec Endpoint Security installed, and thus many files in the Quarantine. How come OSF cannot hash files in the quarantine?

  4. #4
    Join Date
    Jan 2003
    Location
    Sydney Australia
    Posts
    4,140


    1) The latest beta has actually changed a bit from the screen shots above. There is now an icon that appears if the file is in the hash set. Not sure if this is what you were really asking about, however? Can you give an example?

    2) Are you doing this on a live machine, or on a disk image? Maybe Symantec is blocking access to the files if this is on a live machine. I am also not sure how files are stored when they are in quarantine. Can you browse them with Explorer? Maybe they are renamed, or even encrypted and thus only viewable in Symantec's product?
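    The workflow described in posts #2 and #4 (hash every file under a mounted drive, look each digest up in the active hash set, and distinguish known-bad from known-good matches) as a stand-alone Python script. This is an added example, not OSForensics code. The two "hash sets" are constructed from sample byte strings defined in the script, not real keylogger or known-good digests, and the XOR-encoded "quarantine" file is a hypothetical stand-in used only to show why a transformed or encrypted quarantine copy cannot match a content hash while a merely renamed file still does; it is not Symantec's real quarantine format. Files that cannot be opened (for instance, locked by an AV product on a live machine) are reported in their own bucket rather than silently skipped.

    ```python
    """Scan a directory tree for files whose hashes appear in a hash set.

    Added example, not OSForensics code. The hash sets are built from the
    constructed sample byte strings below; they contain no real malware hashes.
    """
    import hashlib
    import os
    import tempfile
    from pathlib import Path

    # Constructed sample contents standing in for a keylogger binary and for a
    # known-good system file. Their digests populate the two hash sets.
    KEYLOGGER_SAMPLE = b"constructed sample: pretend keylogger binary\n"
    GOOD_SAMPLE = b"constructed sample: pretend known-good system DLL\n"


    def digest(data: bytes, algorithm: str = "sha256") -> str:
        return hashlib.new(algorithm, data).hexdigest()


    # Known-bad ("keylogger") set and known-good set, kept separate so a scan can
    # report bad / good / unknown instead of a bare "matched" flag.
    KNOWN_BAD = {digest(KEYLOGGER_SAMPLE): "keylogger-sample"}
    KNOWN_GOOD = {digest(GOOD_SAMPLE): "known-good-sample"}


    def hash_file(path, algorithms=("md5", "sha1", "sha256")):
        """Hash one file with several algorithms in a single pass over its bytes."""
        hashers = {name: hashlib.new(name) for name in algorithms}
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                for h in hashers.values():
                    h.update(chunk)
        return {name: h.hexdigest() for name, h in hashers.items()}


    def classify(sha256: str):
        """Look a digest up in the known-bad set first, then in the known-good set."""
        if sha256 in KNOWN_BAD:
            return "bad", KNOWN_BAD[sha256]
        if sha256 in KNOWN_GOOD:
            return "good", KNOWN_GOOD[sha256]
        return "unknown", None


    def list_files(root):
        """Equivalent of searching for * : every file under the mounted root."""
        return sorted(os.path.join(d, f) for d, _, files in os.walk(root) for f in files)


    def scan_files(paths):
        """Classify each path; unreadable files are recorded, never silently dropped."""
        results = {"bad": [], "good": [], "unknown": [], "unreadable": []}
        for path in map(str, paths):
            try:
                digests = hash_file(path)
            except OSError as exc:
                results["unreadable"].append((path, type(exc).__name__))
                continue
            verdict, label = classify(digests["sha256"])
            results[verdict].append((path, label))
        return results


    def build_demo_tree(root: Path):
        """Constructed directory standing in for a mounted suspect drive."""
        (root / "tools").mkdir()
        (root / "quarantine").mkdir()
        (root / "tools" / "kl.exe").write_bytes(KEYLOGGER_SAMPLE)
        # Renaming does not change content, so the hash still matches the set.
        (root / "tools" / "renamed.dat").write_bytes(KEYLOGGER_SAMPLE)
        # Hypothetical quarantine store that XORs every byte: any transformation
        # of the content defeats a hash-set lookup. Not a real AV quarantine format.
        (root / "quarantine" / "item1.bin").write_bytes(bytes(b ^ 0x5A for b in KEYLOGGER_SAMPLE))
        (root / "system.dll").write_bytes(GOOD_SAMPLE)
        (root / "notes.txt").write_bytes(b"constructed unrelated file\n")


    def demo():
        """Run the scan over the constructed tree and return relative paths per verdict."""
        with tempfile.TemporaryDirectory() as tmp:
            root = Path(tmp)
            build_demo_tree(root)
            # A path that cannot be opened (e.g. locked by AV on a live machine)
            # lands in the "unreadable" bucket instead of vanishing from the report.
            locked = root / "quarantine" / "locked.bin"
            results = scan_files(list_files(root) + [locked])
            return {
                verdict: sorted(os.path.relpath(p, tmp).replace(os.sep, "/") for p, _ in hits)
                for verdict, hits in results.items()
            }


    if __name__ == "__main__":
        for verdict, paths in demo().items():
            print(f"{verdict}: {paths}")
    ```

    The scan keys its lookup on SHA-256 but computes MD5 and SHA-1 in the same pass, since downloadable hash sets are often keyed on one of the older algorithms; swap the key in `classify` to match whatever the active set uses. Note the two caveats the thread raises: a renamed copy of a known file still matches because only the bytes are hashed, whereas anything an AV quarantine has encoded or encrypted will hash to an unknown value and has to be restored or decoded before a hash-set lookup can say anything about it.
    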
