Windows Registry Forensics Cheatsheet
emacs Commands
Here are some of the most important commands used in emacs. "Ctl" means hold the Control key while pressing the next key; "M" (Meta) is usually the Alt key, or Escape pressed first.

Starting, Exiting, Reading and Writing Files in emacs
  emacs myfile        Start emacs and edit myfile
  Ctl-x i             Insert the file prompted for at the current position
  Ctl-x Ctl-s         Write out the current file, keeping its current name
  Ctl-x Ctl-w         Write out the current file under a new name when prompted
  Ctl-x s             Write out all modified files currently being worked on, prompting for each
  Ctl-x Ctl-c         Exit emacs, prompting first if there are any unwritten modified files

Changing Position in emacs
  arrow keys          Move up, down, left and right; or:
  Ctl-n               One line down
  Ctl-p               One line up
  Ctl-b               One character left (back)
  Ctl-f               One character right (forward)
  Ctl-a               Move to beginning of line
  Ctl-e               Move to end of line
  M-f                 Move forward to the end of the next word
  M-b                 Move back to the beginning of the preceding word
  M-<                 Move to beginning of file
  M->                 Move to end of file
  M-x goto-line n     Move to line n (M-g g does the same in current versions)
  Ctl-v or PageDown   Move forward one page
  M-v or PageUp       Move backward one page
  Ctl-l               Redraw the screen with the current line centered

Searching for Text in emacs
  Ctl-s               Incremental search forward for the pattern typed; press again to jump to the next match
  Ctl-r               Incremental search backward for the pattern typed; press again to jump to the previous match

Changing, Adding and Deleting Text in emacs
  Ctl-o               Insert a blank line after the cursor
  Ctl-d               Delete the character at the current position
  Ctl-k               Kill (cut) the rest of the current line
  Ctl-_ or Ctl-x u    Undo the previous operation
  Ctl-space           Set the mark at the cursor; the region runs from the mark to the current cursor position
  Ctl-w               Kill (cut) the marked region into the kill ring
  Ctl-y               Yank (paste) the most recently killed text at the current position
vi Commands
Below are some of the most important vi commands. vi is modal: the commands here are typed in command mode, and the Escape key returns to command mode from insert mode. "^" means hold the Control key; <RET> is the Return key.

Starting, Exiting, Reading and Writing Files in vi
  vi myfile            Start vi and edit myfile
  vi -r myfile         Start vi and recover myfile from its swap file after a system crash
  :r file2<RET>        Read in file2 and insert it after the current line
  :w<RET>              Write out the file
  :w myfile<RET>       Write out the file to myfile
  :w! file2<RET>       Overwrite file2
  :x<RET> or :wq<RET>  Write out the file if it was modified and exit vi (:wq always writes)
  :q<RET>              Quit vi (refused if there are unsaved modifications)
  :q!<RET>             Quit vi, discarding unsaved modifications

Changing Position in vi
  arrow keys           Move up, down, left and right; or:
  j or <RET>           One line down
  k                    One line up
  h or Backspace       One character left
  l or Space           One character right
  0                    Move to beginning of line
  $                    Move to end of line
  w                    Move to beginning of next word
  b                    Move back to beginning of preceding word
  :0<RET> or 1G        Move to beginning of file
  :n<RET> or nG        Move to line n
  :$<RET> or G         Move to last line in file
  ^f or PageDown       Move forward one page
  ^b or PageUp         Move backward one page
  ^l                   Redraw the screen

Searching for Text in vi
  /pattern<RET>        Search forward for pattern
  ?pattern<RET>        Search backward for pattern
  n                    Move to next occurrence of the search pattern, in the same direction
  N                    Move to previous occurrence of the search pattern, in the opposite direction

Changing, Adding and Deleting Text in vi
  a                    Append text after the cursor; Escape ends insertion
  A                    Append text at end of the current line; Escape ends insertion
  i                    Insert text before the cursor; Escape ends insertion
  I                    Insert text at beginning of the current line; Escape ends insertion
  o                    Open a new line below the current line and insert text there; Escape ends insertion
  O                    Open a new line above the current line and insert text there; Escape ends insertion
  r                    Replace the single character at the current position
  R                    Overwrite text starting at the current position; Escape ends overwriting
  x                    Delete the character at the current position
  Nx                   Delete N characters, starting at the current position
  dw                   Delete from the cursor to the start of the next word
  D                    Delete the rest of the current line
  dd                   Delete (cut) the current line into the buffer
  Ndd or dNd           Delete (cut) N lines into the buffer
  u                    Undo the previous operation
  yy                   Yank (copy) the current line into the buffer; the line stays in place
  Nyy or yNy           Yank (copy) N lines into the buffer
  p                    Put (paste) the yanked or deleted line(s) after the current line
Introduction to Shell
It is crucial to learn how to use the Linux shell, because a large share of servers run Linux. Linux servers are stable, fully scriptable, and can be administered entirely without a graphical interface; web servers, for example, are very often Linux-based. Controlling such a system effectively requires understanding and mastering Linux's essential part, the shell. Coming from Windows, the text-only terminal is the first thing to get used to.

A Linux terminal, also called a shell or command line, provides a text-based input/output (I/O) interface between the user and the kernel. The term console is also common; strictly it refers not to a window but to a screen running in text mode. In the terminal window, commands are executed to control the system.

Terminal Emulators

Terminal emulators are usually what we actually work in. Terminal emulation is software that reproduces the function of a terminal so that text-based programs can be used inside a graphical user interface. Many terminal emulators exist, such as GNOME Terminal, XFCE4 Terminal, XTerm, and others. There are also terminal multiplexers, which run several virtual terminals inside one terminal; Tmux and GNU Screen are the best-known. In short, a terminal serves as the interface to the shell interpreter, and emulators and multiplexers extend it with functions such as splitting one window into panes, working in several directories at once, keeping sessions alive after disconnecting, and creating separate workspaces. With Tmux, for instance, one terminal window can hold several independent panes and windows.

Shell

The most commonly used shell on Linux is the Bourne-Again Shell (Bash), part of the GNU project. Everything we do through the GUI we can also do with the shell, and the shell offers many more ways to interact with programs and processes and to get information faster. Many tasks can also be automated with small or large scripts, which saves a great deal of manual work. Besides Bash there are other shells such as Tcsh/Csh, Ksh, Zsh, and the Fish shell.
Linux Structure
History

Many events led up to the creation of the first Linux kernel and, ultimately, the Linux operating system (OS), starting with the release of the Unix operating system by Ken Thompson and Dennis Ritchie (who both worked for AT&T at the time) in 1970. The Berkeley Software Distribution (BSD) was released in 1977, but since it contained Unix code owned by AT&T, the resulting lawsuit limited BSD's development. Richard Stallman started the GNU project in 1983. His goal was to create a free Unix-like operating system, and part of his work resulted in the creation of the GNU General Public License (GPL). Projects by others over the years failed to produce a working, free kernel that was widely adopted until the Linux kernel appeared.

Linux began in 1991 as a personal project of a Finnish student, Linus Torvalds, whose goal was to create a new, free operating system kernel. Over the years the kernel has grown from a small number of C files under a license that prohibited commercial distribution to its current size of over 23 million lines of source code (comments excluded), licensed under the GNU General Public License v2.

Linux is available in over 600 distributions (an operating system built from the Linux kernel plus supporting software and libraries). Some of the most popular and well-known are Ubuntu, Debian, Fedora, openSUSE, elementary, Manjaro, Gentoo Linux, Red Hat, and Linux Mint.

Linux is generally considered more secure than other operating systems, but that reputation should not be taken for granted: the kernel has had many vulnerabilities in the past and continues to have them, so the security of a Linux system depends on prompt updates and careful configuration. It has historically been targeted by commodity malware less than Windows, and distributions are updated very frequently. Linux is also very stable and generally gives the end user high performance. However, it can be harder for beginners, and it has fewer hardware drivers than Windows.
Since Linux is free and open source, its source code can be modified and distributed, commercially or non-commercially, by anyone. Linux-based operating systems run on servers, mainframes, desktops, and embedded systems such as routers, televisions, video game consoles, and more. The Android operating system that runs on smartphones and tablets is based on the Linux kernel, which makes Linux the most widely installed operating system.

Linux is an operating system like Windows, iOS, Android, or macOS. An OS is software that manages all of the hardware resources of a computer; in other words, it mediates all communication between software and hardware. Linux comes in many different distributions (distros); a distribution is roughly comparable to an edition of Windows. In the interactive instances we get access to the Pwnbox, a customized version of Parrot OS, which will be the primary OS we work with throughout the modules. Parrot OS is a Debian-based Linux distribution that focuses on security, privacy, and development.

Philosophy

Linux follows five core principles:

  Everything is a file
    Not only regular files but also devices, process information, and service configuration are exposed through the file system and can be read or written with the same tools; the configuration of the services running on the system is kept in one or more text files.
  Small, single-purpose programs
    Linux offers many small tools, each doing one job well, that we will work with and combine.
  Ability to chain programs together to perform complex tasks
    Connecting the output of one tool to the input of another (a pipeline) lets us carry out large and complex tasks, such as processing or filtering specific data.
  Avoid captive user interfaces
    Linux is designed to be driven mainly from the shell (or terminal), which gives the user greater control over the operating system than a menu-driven interface would.
  Configuration data stored in a text file
    An example is the /etc/passwd file, which lists all user accounts registered on the system.
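The "small programs chained together" and "configuration in text files" principles above, and the scripting mentioned in the shell section, can be shown with one short audit script. This is an added example, not code from the original page or from Parrot OS. It reads passwd-format data (name:password:uid:gid:gecos:home:shell) and answers three questions an administrator or incident responder typically asks: which accounts can log in interactively, whether any account besides root has UID 0, and how the login shells are distributed. The passwd content embedded below is constructed for the example; on a real host you would pass the contents of /etc/passwd instead.

```shell
#!/bin/sh
# Added example: auditing passwd-format data with chained single-purpose tools.
# Not part of the original page. SAMPLE_PASSWD is a constructed sample, not a
# real system's /etc/passwd; the "support" entry is deliberately suspicious.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
support:x:0:1001:support account:/home/support:/bin/sh'

# Accounts whose login shell is not nologin/false, i.e. that can get an
# interactive session. awk splits each line on ':'; field 7 is the shell.
# Prints "name uid shell", one account per line.
interactive_accounts() {
    printf '%s\n' "$1" | awk -F: '$7 !~ /(nologin|false)$/ { print $1, $3, $7 }'
}

# Any account with UID 0 that is not named root has full root privileges;
# an unexpected one is a classic persistence sign. Prints one name per line.
extra_uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Histogram of login shells: cut the shell column, sort so uniq can count
# adjacent duplicates, then sort the counts descending. Prints "shell count".
shell_histogram() {
    printf '%s\n' "$1" | cut -d: -f7 | sort | uniq -c | sort -rn \
        | awk '{ print $2, $1 }'
}

# Stand-alone run against the constructed sample. To audit a real host,
# replace "$SAMPLE_PASSWD" with "$(cat /etc/passwd)".
main() {
    echo "== accounts with an interactive shell =="
    interactive_accounts "$SAMPLE_PASSWD"
    echo "== UID 0 accounts other than root =="
    extra_uid0_accounts "$SAMPLE_PASSWD"
    echo "== login shells by count =="
    shell_histogram "$SAMPLE_PASSWD"
}

main
```

Each stage of the pipelines is a separate program (printf, awk, cut, sort, uniq) doing one thing, and the same script works on any file in passwd format because the data is plain text. Note that the UID check is a heuristic: a legitimately created second UID-0 account would also be reported, so a hit means "investigate", not "compromised".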
Components

  Bootloader
    A piece of code that runs first and guides the boot process until the operating system is started. Parrot Linux uses the GRUB bootloader.
  OS Kernel
    The main component of an operating system. It manages the system's resources and I/O devices at the hardware level.
  Daemons
    Background services are called "daemons" on Linux. They make sure that functions such as scheduling, printing, and multimedia keep working. These programs are started at boot or when a user logs in.
  OS Shell
    The operating system shell, or command language interpreter (also called the command line), is the interface between the OS and the user and lets the user tell the OS what to do. The most commonly used shells are Bash, Tcsh/Csh, Ksh, Zsh, and Fish.
  Graphics server
    Provides a graphical subsystem (server), called "X" or "X server", that allows graphical programs to run locally or remotely on the X Window System.
  Window Manager / Desktop Environment
    Together these form the graphical user interface (GUI). Options include GNOME, KDE, MATE, Unity, and Cinnamon. A desktop environment usually bundles several applications, such as a file manager and a web browser, through which the user reaches the frequently used features and services of the operating system.
  Utilities
    Applications or utilities are programs that perform particular functions for the user or for another program.

Linux Architecture

The Linux operating system can be broken down into layers:

  Hardware
    The physical devices: the system's RAM, hard drive, CPU, and peripherals.
  Kernel
    The core of the Linux operating system. It virtualizes and controls the shared hardware resources (CPU time, allocated memory, data being accessed, and so on), gives each process its own virtual resources, and prevents or mitigates conflicts between processes.
  Shell
    A command-line interface (CLI), also called a shell, into which the user enters commands that invoke the kernel's functions.
  System Utility
    The programs that make the operating system's functionality available to the user.

File System Hierarchy

The Linux file system is structured as a tree and is documented in the Filesystem Hierarchy Standard (FHS). The standard top-level directories are:

  /    The top-level directory is the root filesystem and contains all of the files required to