Info BackTrack

Linux & Security Tutorial

Bulk Extractor Tutorial



The bulk_extractor tool is written in C and was developed to scan a disk image, a file, or a directory, extracting useful information such as credit card numbers, email addresses, domain names, URLs, phone numbers, and so on. bulk_extractor works without parsing the file system or the structure of a system; the results can be saved to an output directory so that they are easy to analyse, parse, or process with other tools.
Bulk Extractor Viewer (BEViewer) supports browsing multiple images, with bookmarking and export features. BEViewer also provides a user interface for launching bulk_extractor scans.

bulk_extractor version 1.2.0 $Revision: 8193 $
Usage: bulk_extractor [options] imagefile
runs bulk extractor and outputs to stdout a summary of what was found where

Required parameters:
imagefile     – the file to extract
or  -R filedir  – recurse through a directory of files
SUPPORT FOR E01 FILES COMPILED IN
SUPPORT FOR AFF FILES COMPILED IN
EXIV2 COMPILED IN
-o outdir    – specifies output directory. Must not exist.
bulk_extractor creates this directory.
Options:
-b banner.txt- Add banner.txt contents to the top and bottom of every output file.
-r alert_list.txt  – a file containing the alert list of features to alert
(can be a feature file or a list of globs)
(can be repeated.)
-w stop_list.txt   – a file containing the stop list of features (white list
(can be a feature file or a list of globs)
(can be repeated.)
-F   – Read a list of regular expressions from to find
-f   – find occurances of ; may be repeated.
results go into find.txt
-q nn        – Quiet; only print every nn status reports

Tuning parameters:
-C NN         – specifies the size of the context window (default 16)
-G NN         – specify the page size (default 16777216)
-g NN         – specify margin (default 1048576)
-W n1:n2      – Specifies minimum and maximum word size
(default is -w6:14)
-j NN         – Number of threads to run (default 2)

Path Processing Mode:
-p /f  – print the value of with a given format.
formats: r = raw; h = hex.
Specify -p – for interactive mode.
Specify -p -http for HTTP mode.

Parallelizing:
-Y      – Start processing at o1 (o1 may be 1, 1K, 1M or 1G)
-Y – – Process o1-o2
-A     – Add to all reported feature offsets

Debugging:
-V print version number
-c           – Enable Crash Protection
-M nn        – sets max recursion depth (default 5)
-z nn        – start on page nn
-dN          – debug mode (see source code)
-Z           – zap (erase) output directory

Control of Scanners:
-P           – Specifies a plugin directory
-E scanner   – turn off all scanners except scanner
-m     – maximum number of minutes to wait for memory starvation
default is 60

-e net – enable scanner net
-e wordlist – enable scanner wordlist

-x accts – disable scanner accts
-x base64 – disable scanner base64
-x kml – disable scanner kml
-x email – disable scanner email
-x gps – disable scanner gps
-x aes – disable scanner aes
-x json – disable scanner json
-x exif – disable scanner exif
-x zip – disable scanner zip
-x gzip – disable scanner gzip
-x pdf – disable scanner pdf
-x hiber – disable scanner hiber
-x winprefetch – disable scanner winprefetch

To see an example of the partition that will be scanned, type:
[screenshot]
This time I will scan the drive located at /dev/sda13.
The result of extracting the filesystem contains email addresses, zip file data, phone numbers,
just give it a try, bro... explore!!
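As an added example (not code from the original post or from bulk_extractor itself), the script below parses a constructed email.txt feature file of the kind bulk_extractor writes to the -o output directory, counts hits per domain, flags hits carved out of containers, and builds a scan command line from the -o, -j, -e and -x options shown above. The feature-file layout and the offset-ZIP-offset forensic path form are assumptions.

```python
# Added example, not from the original post. Assumed (constructed sample below):
# feature files such as email.txt in the -o directory hold one hit per line,
# <forensic path>\t<feature>\t<context>, after '#' header lines; a path such as
# "65536-ZIP-120" means the hit was carved from inside a container.
import collections
from typing import Dict, List, NamedTuple
SAMPLE_EMAIL_TXT = """# Feature-Recorder: email
# Filename: sda13.img
4096\tadmin@example.com\tFrom: admin@example.com\\x0aTo: bob@example.org
4120\tbob@example.org\tFrom: admin@example.com\\x0aTo: bob@example.org
65536-ZIP-120\tcarol@example.net\tmailto:carol@example.net
"""

class Feature(NamedTuple):
    path: str     # forensic path: byte offset, or offset-ZIP-offset inside a container
    value: str    # the extracted feature (here an email address)
    context: str  # surrounding bytes; bulk_extractor escapes non-printables as \xNN

def parse_feature_file(text: str) -> List[Feature]:
    """Parse one feature file into records, skipping headers and malformed lines."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) < 2:  # truncated line: skip rather than crash
            continue
        records.append(Feature(parts[0], parts[1], parts[2] if len(parts) > 2 else ""))
    return records

def domain_counts(records: List[Feature]) -> Dict[str, int]:
    """Hits per email domain: a quick triage view of who the image talks to."""
    counts = collections.Counter()
    for r in records:
        if "@" in r.value:
            counts[r.value.rsplit("@", 1)[1].lower()] += 1
    return dict(counts)

def in_container(record: Feature) -> bool:
    """True when the forensic path shows the feature came out of a container (ZIP, GZIP, ...)."""
    return "-" in record.path

def build_command(image: str, outdir: str, enable=(), disable=(), threads: int = 2) -> List[str]:
    """argv for a scan using the -o, -j, -e and -x options from the help text above."""
    argv = ["bulk_extractor", "-o", outdir, "-j", str(threads)]
    for scanner in enable:
        argv += ["-e", scanner]
    for scanner in disable:
        argv += ["-x", scanner]
    return argv + [image]
```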
Created by: Igor Nainggolan
