FrenziedFoo Posted July 5, 2021

Hello, I'm new to the community but a long time user of the awesome tools from a side-line interest perspective.

Bit of background, I work in digital forensics and I'm looking to see how we can successfully utilize the Bash Bunny to assist us when on scene (raids, warrants, etc). We are authorized to use equipment/scripts/tools so long as we know how they interact with the target, and what files/data they may change.

My idea is that we often arrive at a residential or business premises and people do not comply with unlocking machines, terminals or servers. Is there a way for us to pull off registry files, decrypt user logons (SAM file?), or specifically scan for files with a specific keyword, identify them, then extract them? Or any other form of use that you believe would support the use in digital forensics?

Thanks
Jtyle6 Posted July 5, 2021

I don't know if this is for the Bash Bunny.
FrenziedFoo Posted July 5, 2021

44 minutes ago, Jtyle6 said: "I don't know if this is for the Bash Bunny."

Actually, we put the Rubber Ducky to good use as a Mouse Jiggler to keep workstations from auto-locking, so I am hopeful that the Bash Bunny has a better application based on its beefier specification!
chrizree Posted July 5, 2021

Check the Bash Bunny payload repo on GitHub, some similar payloads already exist. Whether they are useful depends on the target environment (and the fact that some of them are aged and therefore might not be useful in a fully patched and correctly set up environment).
Jtyle6 Posted July 5, 2021

And here are some of them: https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/recon

But these haven't been updated to the Mark 2 Bunny.
chrizree Posted July 5, 2021

There should be no need for updating since the Mk2 is backwards compatible with "Mk1" payloads.