MABS tools and techniques
    MABS tools and techniques

    Seems we have a lot of MABS threads that never get off the ground, because the initial reporter hasn't taken time to do any investigation. I've also seen plenty of threads, over the years, where the subject of investigation gets wind and changes their online presence.


    With those symptoms in mind, it's a good idea to share some tools and basic investigative techniques, to enable all Bullies to better pursue investigations.


    This will be the first in a series of posts which expose tools and methods for gathering information, with a focus on martial arts. goodlun and I will be posting videos, screenshots, links, and write-ups here.

    This is a MABS sticky thread, so off-topic posts and derails WILL be culled to a new location. But, if you have constructive tips or advice to add, here, it will be welcomed.
    Consider for a moment that there is no meme about brown-haired, brown-eyed step children.

    #2
    Lesson 0: CamStudio. Excellent screengrab software. You should have it installed by default. http://www.camstudio.org/

    Consider for a moment that there is no meme about brown-haired, brown-eyed step children.

    Comment


      #3
      Lesson 2: Introduction to CaseFile, and harvesting information on IP addresses and domain names

      This one was ready, first, so I'm putting it out there. The first thing you should do is in Lesson 1, which should be going online sometime today. Until then...



      There are a couple of pro-tips I didn't include in the video, because unscripted. I also failed to write them down, but I remember one right now. Many internet providers and hosting companies, these days, will force you to take a CIDR block of 8 addresses (a /29, in tech parlance, which translates to 5 usable IP addresses). That is because ARIN requires a public registration of information at that minimum level; so, if you're doing something disreputable, online, the WHOIS lookup will show your information, not the provider's.
      Consider for a moment that there is no meme about brown-haired, brown-eyed step children.

      Comment
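      To make the /29 arithmetic and the WHOIS point from Lesson 2 concrete, here is an added example (not from the video or from submessenger) that computes the usable addresses in a block and picks the most specific WHOIS record covering an address. The WHOIS text is constructed ARIN-style output for fictional organisations on RFC 5737 documentation addresses; a real lookup would come from the whois tool or ARIN's web search. The "gateway takes one address" step is the post's own assumption, labelled as such in the code.

```python
import ipaddress
import re

# Constructed WHOIS records (fictional organisations, RFC 5737 TEST-NET addresses).
# The second record is a reassigned /29 inside the provider's /24, which is the
# situation the post describes: the customer's registration, not the provider's, shows.
WHOIS_RECORDS = [
    """NetRange:       203.0.113.0 - 203.0.113.255
CIDR:           203.0.113.0/24
NetName:        EXAMPLE-ISP-BLOCK
NetType:        Direct Allocation
OrgName:        Example Hosting Inc
RegDate:        2009-06-02
""",
    """NetRange:       203.0.113.8 - 203.0.113.15
CIDR:           203.0.113.8/29
NetName:        EXAMPLE-DOJO-NET
NetType:        Reassigned
OrgName:        Example Dojo LLC
RegDate:        2013-01-15
""",
]


def parse_whois(text):
    """Turn the 'Key: value' lines of a WHOIS record into a dict (first value wins)."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z][\w-]*):\s*(.*?)\s*$", line)
        if m and m.group(1) not in record:
            record[m.group(1)] = m.group(2)
    return record


def block_summary(cidr):
    """Address counts for a CIDR block: total, assignable hosts, and what a customer can use."""
    net = ipaddress.ip_network(cidr, strict=False)
    total = net.num_addresses
    # Network and broadcast addresses are not assignable unless the prefix is /31 or /32.
    host_addresses = total - 2 if net.prefixlen <= net.max_prefixlen - 2 else total
    # Assumption (from the post): the provider's gateway occupies one of the host addresses.
    customer_usable = max(host_addresses - 1, 0)
    return {
        "network": str(net),
        "total": total,
        "host_addresses": host_addresses,
        "customer_usable": customer_usable,
    }


def most_specific_record(ip, records):
    """Return the parsed WHOIS record with the longest prefix that contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    best, best_len = None, -1
    for rec in (parse_whois(r) for r in records):
        net = ipaddress.ip_network(rec["CIDR"], strict=False)
        if addr in net and net.prefixlen > best_len:
            best, best_len = rec, net.prefixlen
    return best


if __name__ == "__main__":
    print(block_summary("203.0.113.8/29"))
    print(most_specific_record("203.0.113.10", WHOIS_RECORDS)["OrgName"])
    print(most_specific_record("203.0.113.200", WHOIS_RECORDS)["OrgName"])
```

Running it shows a /29 as 8 addresses, 6 assignable hosts and 5 left for the customer, and that 203.0.113.10 resolves to the reassigned customer record while 203.0.113.200 falls back to the provider's allocation.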


        #4
        Lesson 1: HTTrack

        Start here, seriously. This is your first step. Do this before you start a MABS investigation.

        In this video, I introduce basic HTTrack usage, and have some fun sifting through images on Ashida Kim's website:

        Consider for a moment that there is no meme about brown-haired, brown-eyed step children.

        Comment


          #5
          Originally posted by submessenger:
          Lesson 1: HTTrack

          Start here, seriously. This is your first step. Do this before you start a MABS investigation.

          In this video, I introduce basic HTTrack usage, and have some fun sifting through images on Ashida Kim's website:

          Really like the demo - HTTrack looks like an incredibly useful tool - wish we had used it when we investigated Richard Spencer the other year.

          Question, you mentioned that when you are downloading the site and you use their bandwidth there is a risk that you might take their website down in what would be an effective DOS attack. Are we leaving ourselves open to potential prosecution?

          Comment


            #6
            Originally posted by scipio:
            Really like the demo - HTTrack looks like an incredibly useful tool - wish we had used it when we investigated Richard Spencer the other year.

            Question, you mentioned that when you are downloading the site and you use their bandwidth there is a risk that you might take their website down in what would be an effective DOS attack. Are we leaving ourselves open to potential prosecution?
            Not necessarily. I should have worded that better. What I mean is that it is conceivable that you could tweak the settings up high enough to saturate their bandwidth or saturate your own bandwidth. If you stick with the defaults, you're probably in no danger of causing them trouble.
            Consider for a moment that there is no meme about brown-haired, brown-eyed step children.

            Comment


              #7
              Lesson 3: Introduction to Photo Forensics



              (edit) I knew I forgot something... That's not Crocop, that's W Silva, duh, axe murderer. I can be very dense, sometimes.
              Consider for a moment that there is no meme about brown-haired, brown-eyed step children.

              Comment


                #8
                Originally posted by scipio:
                Really like the demo - HTTrack looks like an incredibly useful tool - wish we had used it when we investigated Richard Spencer the other year.

                Question, you mentioned that when you are downloading the site and you use their bandwidth there is a risk that you might take their website down in what would be an effective DOS attack. Are we leaving ourselves open to potential prosecution?
                That's true with the Spencer thread. His site was changed so regularly, that the thread got saturated with screen shots.

                Comment


                  #9
                  Originally posted by Cake of Doom:
                  That's true with the Spencer thread. His site was changed so regularly, that the thread got saturated with screen shots.
                  I know - if I remember we were scrabbling around trying to save screen shots in a format that could be posted!

                  Comment


                    #10
                    Originally posted by scipio:
                    I know - if I remember we were scrabbling around trying to save screen shots in a format that could be posted!
                    It may seem obvious, today, but a decent way to get screenshots of web sites is to print them to PDF or XPS. There are some quirks with that, but seems like good fodder for another short tutorial.

                    That Spencer thread also raises another topic, which is versioning - especially for volatile sites, like that. I'll add that to my list of things to get to, as well.
                    Consider for a moment that there is no meme about brown-haired, brown-eyed step children.

                    Comment


                      #11
                      OK, quick addendum to the HTTrack video. Here, I briefly cover some other HTTrack options, as well as The Wayback Machine and Google cache.

                      Consider for a moment that there is no meme about brown-haired, brown-eyed step children.

                      Comment


                        #12
                        The error level analysis page that was used here in the past is no longer up.
                        I found this one but haven't tried it yet.
                        https://29a.ch/sandbox/2012/imageerrorlevelanalysis/

                        Any other suggestions along those lines for detecting altered images?

                        Comment


                          #13
                          Originally posted by ChenPengFi:
                          The error level analysis page that was used here in the past is no longer up.
                          I found this one but haven't tried it yet.
                          https://29a.ch/sandbox/2012/imageerrorlevelanalysis/

                          Any other suggestions along those lines for detecting altered images?
                          I highlight a few options in my Photo Forensics video; I suppose I should also post the URLs, here. Or, you can do it yourself using GIMP or Photoshop (GIMP is covered in the video).

                          (edit)
                          https://www.izitru.com/
                          http://fotoforensics.com/
                          Consider for a moment that there is no meme about brown-haired, brown-eyed step children.

                          Comment
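                          One piece of photo forensics that the video and the linked sites do in the background is reading the image's Exif metadata (camera make and model, capture time, and the Software tag that editors often write). Here is an added example, not from the video or any of the linked sites, that parses the Exif APP1 payload of a JPEG with nothing but the standard library and flags the common tells. The sample Exif block is constructed in code by a small builder, and the editor-name list in EDITOR_HINTS is an assumption. Keep in mind that Exif is easily stripped or rewritten, so a clean tag set is not evidence that an image is unaltered; only an inconsistent one is worth a note.

```python
import struct

# Standard TIFF/Exif tag ids for the fields an investigator looks at first.
TAGS = {0x010F: "Make", 0x0110: "Model", 0x0131: "Software", 0x0132: "DateTime"}
TYPE_ASCII = 2
# Assumption: names that, appearing in the Software tag, suggest the file was re-saved by an editor.
EDITOR_HINTS = ("photoshop", "gimp", "paint.net", "lightroom")


def build_exif(fields):
    """Construct a minimal little-endian Exif APP1 payload (IFD0 with ASCII tags) for testing."""
    entries = sorted(fields.items())
    ifd_size = 2 + 12 * len(entries) + 4
    data_offset = 8 + ifd_size  # string data follows the IFD; offsets are from the TIFF header
    ifd = struct.pack("<H", len(entries))
    blob = b""
    for tag, text in entries:
        value = text.encode("ascii") + b"\x00"
        if len(value) <= 4:  # short values are stored inline in the entry
            ifd += struct.pack("<HHI4s", tag, TYPE_ASCII, len(value), value.ljust(4, b"\x00"))
        else:  # longer values are stored out of line, entry holds the offset
            ifd += struct.pack("<HHII", tag, TYPE_ASCII, len(value), data_offset + len(blob))
            blob += value
    ifd += struct.pack("<I", 0)  # no next IFD
    return b"Exif\x00\x00" + b"II" + struct.pack("<HI", 42, 8) + ifd + blob


def parse_exif(app1):
    """Parse IFD0 of an Exif APP1 payload, returning the ASCII tags in TAGS as a dict."""
    if not app1.startswith(b"Exif\x00\x00"):
        raise ValueError("not an Exif APP1 payload")
    tiff = app1[6:]
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None:
        raise ValueError("unknown byte order mark")
    magic, ifd_offset = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42:
        raise ValueError("bad TIFF magic")
    (count,) = struct.unpack(order + "H", tiff[ifd_offset:ifd_offset + 2])
    result = {}
    for i in range(count):
        pos = ifd_offset + 2 + 12 * i
        tag, typ, n, raw = struct.unpack(order + "HHI4s", tiff[pos:pos + 12])
        if typ != TYPE_ASCII or tag not in TAGS:
            continue
        if n <= 4:
            value = raw[:n]
        else:
            (off,) = struct.unpack(order + "I", raw)
            if off + n > len(tiff):  # never trust offsets inside a file you are examining
                raise ValueError("tag data offset out of bounds")
            value = tiff[off:off + n]
        result[TAGS[tag]] = value.rstrip(b"\x00").decode("ascii", "replace")
    return result


def review_metadata(meta):
    """Return human-readable notes on metadata that deserves a second look."""
    notes = []
    software = meta.get("Software", "")
    if any(h in software.lower() for h in EDITOR_HINTS):
        notes.append("Software tag names an image editor: " + software)
    if "DateTime" not in meta:
        notes.append("No DateTime tag: metadata may have been stripped or rewritten")
    if "Make" not in meta and "Model" not in meta:
        notes.append("No camera make/model: image may not come straight from a camera")
    return notes


# Constructed sample: a camera image that was later re-saved by an editor.
SAMPLE = build_exif({0x010F: "HTC", 0x0110: "One", 0x0131: "Adobe Photoshop CS6 (Windows)",
                     0x0132: "2013:05:01 12:00:00"})

if __name__ == "__main__":
    meta = parse_exif(SAMPLE)
    print(meta)
    for note in review_metadata(meta):
        print("-", note)
```

To use it on a real file, locate the APP1 segment (marker 0xFFE1) in the JPEG and pass its payload to parse_exif; the builder exists only so the example runs offline.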


                            #14
                            Originally posted by submessenger:
                            I highlight a few options in my Photo Forensics video; I suppose I should also post the URLs, here. Or, you can do it yourself using GIMP or Photoshop (GIMP is covered in the video).

                            (edit)
                            https://www.izitru.com/
                            http://fotoforensics.com/


                            Thanks, must have missed that bit.
                            I have gimp and paint.net but was looking for online options.
                            It can be better to point to a third party site rather than,
                            "Well look what happened when I put it in this program and did xyz..."
                            when doing forensics.

                            Comment


                              #15
                              Originally posted by ChenPengFi:
                              Thanks, must have missed that bit.
                              I have gimp and paint.net but was looking for online options.
                              It can be better to point to a third party site rather than,
                              "Well look what happened when I put it in this program and did xyz..."
                              when doing forensics.
                              Good point. I allude to it a couple of times in the videos, but I still haven't done a chain-of-custody discussion. One of these days...
                              Consider for a moment that there is no meme about brown-haired, brown-eyed step children.

                              Comment
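                              Two loose ends in this thread fit one example: the versioning problem for volatile sites raised in #10 (the Spencer site changing faster than screenshots could be posted) and the chain-of-custody discussion promised in #15. The following is an added example, not submessenger's code or anything from the videos, of a capture log that records who captured a page, when, and its SHA-256 hash, then detects which captures differ and shows exactly what changed. The page contents and timestamps are constructed, and the URL is a placeholder; the same log works on the files HTTrack writes.

```python
import difflib
import hashlib
import json


def fingerprint(content: bytes) -> str:
    """SHA-256 hex digest of the captured bytes; this is the value that goes into the log."""
    return hashlib.sha256(content).hexdigest()


class SnapshotLog:
    """Ordered record of captures of one URL: who captured what, when, and its hash."""

    def __init__(self, url):
        self.url = url
        self.entries = []

    def record(self, content, captured_at, collector):
        """Log one capture. captured_at is an ISO 8601 UTC timestamp the collector supplies."""
        entry = {
            "seq": len(self.entries),
            "url": self.url,
            "captured_at": captured_at,
            "collector": collector,
            "size": len(content),
            "sha256": fingerprint(content),
        }
        self.entries.append(entry)
        return entry

    def changed_versions(self):
        """Sequence numbers of captures whose content differs from the previous capture."""
        return [cur["seq"] for prev, cur in zip(self.entries, self.entries[1:])
                if cur["sha256"] != prev["sha256"]]

    def manifest(self):
        """JSON manifest to store next to the captured files (and to hash or sign itself)."""
        return json.dumps(self.entries, indent=2, sort_keys=True)


def verify_capture(entry, content):
    """True if the bytes on disk still match what the log says was captured."""
    return len(content) == entry["size"] and fingerprint(content) == entry["sha256"]


def text_changes(old, new):
    """Only the added and removed lines between two captures of a text page."""
    diff = difflib.unified_diff(old.decode("utf-8", "replace").splitlines(),
                                new.decode("utf-8", "replace").splitlines(),
                                "previous", "current", lineterm="")
    return [line for line in diff
            if line.startswith(("+", "-")) and not line.startswith(("+++", "---"))]


# Constructed page versions: the bio is quietly revised between captures.
PAGE_V1 = (b"<html><body><h1>About the Instructor</h1>\n"
           b"<p>10th degree black belt, 40 years of training.</p>\n</body></html>\n")
PAGE_V2 = (b"<html><body><h1>About the Instructor</h1>\n"
           b"<p>8th degree black belt, 30 years of training.</p>\n</body></html>\n")


def demo():
    """Three captures a week apart (constructed timestamps); only the third differs."""
    log = SnapshotLog("http://example.com/about.html")  # placeholder URL
    log.record(PAGE_V1, "2014-03-01T10:00:00Z", "investigator-1")
    log.record(PAGE_V1, "2014-03-08T10:00:00Z", "investigator-1")
    log.record(PAGE_V2, "2014-03-15T10:00:00Z", "investigator-2")
    return log


if __name__ == "__main__":
    log = demo()
    print(log.manifest())
    print("changed at:", log.changed_versions())
    print("\n".join(text_changes(PAGE_V1, PAGE_V2)))
```

The manifest is what you post or archive alongside the captures: anyone with the files can recompute the hashes and confirm nothing was edited after capture, which is the point ChenPengFi makes about preferring a record over "look what happened when I did xyz". For stronger custody, hash or sign the manifest itself at the time of capture.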
