From the course: Incident Response: Evidence Collection in Windows

Using CryptCat and Tee


- [Instructor] The next thing we need to talk about is Cryptcat and Tee. Cryptcat and Tee are two utility programs that we're going to use to capture volatile evidence from a Windows machine. Cryptcat is a utility program that's used to collect data from a Windows victim machine and send that output to our collection laptop. Now, this is going to be done over an encrypted tunnel using the Twofish encryption scheme. This allows us to connect our forensic laptop to the same network as the victim machine and be able to copy data from that victim machine over to our laptop. Now, the reason we use something like Cryptcat is because if our trusted tools disc is on a CD or DVD, we can't write information to it directly. And instead, we'll have to send it over the network back to our collection laptop. To do this, you'll enter the command, cryptcat, dash l, for listening, dash p, for port, and specify the port number. If you want…
