_______/\\\\\________/\\\______________/\\\______/\\\\\\\\\______/\\\\\\\\\\\\______/\\\\\\\\\\\\\\\_
_____/\\\///\\\_____\/\\\_____________\/\\\____/\\\\\\\\\\\\\___\/\\\////////\\\___\/\\\///////////__
___/\\\/__\///\\\___\/\\\_____________\/\\\___/\\\/////////\\\__\/\\\______\//\\\__\/\\\_____________
__/\\\______\//\\\__\//\\\____/\\\____/\\\___\/\\\_______\/\\\__\/\\\_______\/\\\__\/\\\\\\\\\\\_____
_\/\\\_______\/\\\___\//\\\__/\\\\\__/\\\____\/\\\\\\\\\\\\\\\__\/\\\_______\/\\\__\/\\\///////______
_\//\\\______/\\\_____\//\\\/\\\/\\\/\\\_____\/\\\/////////\\\__\/\\\_______\/\\\__\/\\\_____________
__\///\\\__/\\\________\//\\\\\\//\\\\\______\/\\\_______\/\\\__\/\\\_______/\\\___\/\\\_____________
____\///\\\\\/__________\//\\\__\//\\\_______\/\\\_______\/\\\__\/\\\\\\\\\\\\/____\/\\\\\\\\\\\\\\\_
______\/////_____________\///____\///________\///________\///___\////////////______\///////////////__

== Offline Windows Analyzer and Data Extractor ==

1. Owade Black Hat introduction letter
2. Launch Owade
3. Use the UI
4. See the documentation

======================
1. Owade Black Hat introduction letter
======================

Beyond file undeleting: OWADE

You recovered a bunch of files from a used hard drive, and now what?
If you ever wanted to push Windows offline forensics to the next level, come to
our talk, where we will show you how to use our open source tool OWADE (Offline
Windows Analyzer and Data Extractor) to recover a lot of interesting information
from a used hard drive, including web credentials, instant messaging credentials
and user habits information.
We will walk you through the entire recovery chain and demonstrate how to use
OWADE to handle Windows' various levels of encryption (Syskey, DPAPI…) and
extract the maximum information from used drives.
OWADE is based on our work on DPAPIck, our tool to decrypt DPAPI secrets.
We will present various statistics we computed on the data we gathered from the
used hard drive we bought on eBay to test and develop OWADE.

======================
2. Launch Owade
======================

Check that you have every necessary library installed (see INSTALL file).

Compile all the dependency libraries:
    42sh> make

EDIT constants.py the first time !!! (src/ui/owade)
    42sh> make launch
Or the equivalent:
    42sh> cd src && ./main.py

Then go to http://localhost:8080/owade

Notes:
- The first time, you will be asked to create the database and a superuser.
  Take the time to do those steps properly, because you will have to log on to
  the UI.
- You need root rights to use most of the binaries used by Owade (like
  ddrescue), so you will be asked for root rights to launch the Owade server.

======================
3. Use the UI
======================

In progress...

======================
4. See the documentation
======================

Check that you have every recommended library regarding doxygen (see INSTALL
file).

Then:
    42sh> make doc
    42sh> firefox doc/html/index.html

Note that the UI isn't documented, because we don't expect any contributors to
it and it's not the interesting part of Owade.