
Tool: 4n6pi - a lightweight, open-source forensic disk imaging tool.pdf

Uploaded by: 可***  ID: 991858  2025-12-07  12 pages  641.13KB

4n6pi: An Open-Source Forensic Disk Imager
Egon Lampert, Senior Incident Responder at Redguard, Switzerland

Whoami (slide 2)
- 8 years in DFIR
- "automate all the things"

The Case That Sparked It (slide 3)
- Forensic investigation on decommissioned hardware with an unexpected blade enclosure
- SOP for imaging: Sumuri's PALADIN Forensic Suite
- Imaging took over 24 hours using only Paladin
- Only one blade I/O adapter (USB 1.0)
- Highlighted the inefficiency in our workflow

The Gap (slide 4)
- No hardware imagers available, due to cost and missing need
- In Switzerland it holds up in court, as long as you can prove it is forensically sound
- Legal admissibility varies by jurisdiction

The Idea (slide 5)
- Raspberry Pi 5 as base
- Open-source tools (libewf, ewfacquire)
- Workflow based on bash scripts, systemd services and udev rules
- Affordable
- Scalable

From internal tool to Open Source (slide 6)
- Initially developed as a Redguard-CSIRT internal tool
- After gaining attention on X, it was clear there was community interest, which led to open-sourcing the project

How it works (slide 7)
- Run create-config-stick.sh: modifies the UUID of the partition and generates a YAML template
- Plug in the config stick
- Power it up
- The Pi detects the config stick by its UUID
- Green LED off = ready
- Automated imaging modes: image to disk, S3-compatible buckets, NFS share

Write Protection (slide 8)
- No hardware-based write blocker
- Software-based, read-only mounting
- Comparable to Paladin

What's next? (slide 9)
- Centralized control server (WIP): server discovery through mDNS, approve/deny agents, job management and monitoring
- Future hardware roadmap: exploring a Pi HAT with integrated LCD and write-blocked USB
- Looking for hardware collaborators

Wrapping it up (slide 10)
- Based on received comments: affordable ≠ unprofessional
- Open source enables flexibility
- Community matters
- 4n6pi was reviewed by external forensic experts, bu
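The "How it works" and "Write Protection" slides describe three mechanisms: a config stick recognised by a partition UUID that create-config-stick.sh rewrites, a mode-dependent target (disk, S3-compatible bucket, NFS share), and software-based read-only mounting in place of a hardware write blocker. The following POSIX sh sketch is an added example and not code from the 4n6pi project; the udev rule, the systemd unit name `4n6pi-imager.service`, the YAML keys, the UUID and all paths are hypothetical constructions, while the ewfacquire options it emits (`-u`, `-f`, `-c`, `-d`, `-C`, `-E`, `-e`, `-t`, `-l`) are real flags of the libewf tool.

```shell
#!/bin/sh
# Added example (not 4n6pi's own code): the building blocks the slides
# describe. Everything named here is a hypothetical reconstruction.

# Constructed UUID that create-config-stick.sh is described as writing to
# the config stick partition; the value is chosen for illustration only.
CONFIG_STICK_UUID="4E6F-5069"

# Constructed subset of the YAML template the config stick carries.
CONFIG_TEXT='case_number: CASE-2025-001
evidence_number: E01
examiner: Jane Doe
mode: nfs
nfs_share: nas.example.internal:/export/evidence
compression: fast
hash: sha256
'

# Read one scalar key from the flat YAML subset above (no nesting).
cfg_get() {
    printf '%s\n' "$CONFIG_TEXT" | sed -n "s/^$1:[[:space:]]*//p" | head -n 1
}

# udev rule that pulls in a systemd unit when a block device with the
# config stick's filesystem UUID appears. The UUID match is what tells
# the config stick apart from any evidence drive that gets plugged in.
udev_rule_for_config_stick() {
    printf 'ACTION=="add", SUBSYSTEM=="block", ENV{ID_FS_UUID}=="%s", TAG+="systemd", ENV{SYSTEMD_WANTS}="4n6pi-imager.service"\n' "$1"
}

# Where the image is written, by mode. disk and nfs are mount points;
# s3 is a local staging directory that a later upload step pushes to the
# bucket, because the libewf tools write segment files, not object streams.
target_dir_for_mode() {
    case "$1" in
        disk) echo /mnt/target ;;
        nfs)  echo /mnt/nfs ;;
        s3)   echo /var/lib/4n6pi/staging ;;
        *)    return 1 ;;
    esac
}

# Unattended ewfacquire command line built from the config. Returns
# non-zero for an unknown mode instead of imaging to a bogus path.
build_acquire_cmd() {
    dev="$1"
    target="$(target_dir_for_mode "$(cfg_get mode)")" || return 1
    ev="$(cfg_get evidence_number)"
    printf 'ewfacquire -u -f encase6 -c %s -d %s -C %s -E %s -e "%s" -t %s/%s -l %s/%s.log %s\n' \
        "$(cfg_get compression)" "$(cfg_get hash)" "$(cfg_get case_number)" \
        "$ev" "$(cfg_get examiner)" "$target" "$ev" "$target" "$ev" "$dev"
}

# Software write protection: mark the evidence device read-only at the
# block layer first, so that even a mistaken read-write mount or a journal
# replay cannot touch it, then mount it read-only. Needs root; this
# function is shown but not called in the dry run below.
protect_and_mount_ro() {
    dev="$1"; mnt="$2"
    blockdev --setro "$dev" || return 1
    mkdir -p "$mnt" || return 1
    mount -o ro,nosuid,nodev,noexec "$dev" "$mnt"
}

# Dry run: show what the pieces produce for a hypothetical evidence drive.
udev_rule_for_config_stick "$CONFIG_STICK_UUID"
build_acquire_cmd /dev/sdb
```

The ordering in `protect_and_mount_ro` is the point of the "software write blocker" comparison: `blockdev --setro` is enforced by the kernel for every later opener of the device, whereas a bare `mount -o ro` only protects the one mount and still lets some filesystems write on mount (journal recovery), so the block-level flag should be set before any filesystem driver sees the disk.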

Based on the report's content, its main points are summarized as follows:
- **Introduction to the 4n6pi tool**: an open-source disk imaging tool developed by Egon Lampert of Redguard to automate digital forensics workflows.
- **Background**: due to cost and lack of need, no hardware imaging devices were available in Switzerland, yet the law requires evidence to be forensically validated.
- **Problem**: the existing workflow was inefficient; imaging with Sumuri's PALADIN Forensic Suite took more than 24 hours.
- **Solution**: a workflow built on a Raspberry Pi 5 and open-source tools, using bash scripts, systemd services and udev rules.
- **Features**: low cost and scalable; supports automated imaging to disk, S3-compatible buckets and NFS shares.
- **How it works**: software-based read-only mounting, similar to Paladin.
- **Future plans**: develop a centralized control server and explore hardware collaboration on a Pi HAT with integrated LCD and write-protected USB.
- **Community and feedback**: the open-source project attracted community attention and was adjusted based on feedback to stay professional and flexible.
- **Validation**: 4n6pi has been reviewed by external forensic experts, but users should validate the workflow in their own environment.