If you want to understand the rwx permission set, it's better to interpret it as binary. Basically, we have 3 bits that each represent r, w, and x, respectively. so, let's say I want read & execute, this translates to r-x, which translates in binary to 101, which then in turn converts to 4+1=5 in base10 :)

Briefly talks about Chmod three digit codes "you can look up resources on how this exactly works" then proceeds to explain how it exactly works lol thank you John, I love when you do that!

I used binwalk too. It was quick and easy using that than autopsy because of command line

one easy way to remember the file permissions is to know that read is 4, write is 2, and execute is 1 so r-x will be 4+1=5 and rw- will be 4+2=6

"i need to look for keys" hovers over the key folder and moves on

HOLY SHIT BRO YOU DONT EVEN KNOW HOW HELPFUL THIS WAS FOR ME HOMIE

Love this Format Mighty Friend! You can lead a horse to water but ya can't always git'em to drink.

I like the 'short' informative videos like these. Thanks

Watching this on the TV cast with my father fingers crossed 🤞 it's not to over my or rather our head(s).

Really like the alternate solution / additional extra curricular activity that you mention as applicable....

Great video, love the content. Thank you!

Great content John! Keep it up!

Nice one as allways!

Great great video John, but dude you are like sonic speed lol barely catching up , which made this vid a 40 minutes show. But the point is this is great . May God bless you brother

I like using autopsy and we don't even do traditional forensics as my state requires you be a PI of all things to do that. But I do use it for data recovery and I even use a hardware write blocker. Probably seems like overkill but I never have to say that I may have changed something so if the end user wants to send it to Ontrack or some other place I can argue that we never changed anything.

thanks dude

cant wait for htb cyber apocalypse videos.

I did it with commands icat and fls....it was a lot hectic though!

You are Epic

The SSH key wasn't a deleted file though

uh, he saw for the first time a kernel source tree 🙊 binwalk FTW!

Lol I just mounted the root partition as a loop device with losetup

the audio seemed low at full volume was I able to hear anything as always great vid

are you use linux for daily driver ??

Whats this GUI, I've used autopsy on windows and it wasnt a web app, had a much nicer GUI... Is it not available on Linux?

Couldn’t you just midair image; mount -t iso9660 -o loop disk.img image to mount the disk image and then use find to look for SSH keys and the like?

Watching this file failing the htb CTF xD only 8 challenges done, but I'm alone ^^

👍

Finnaly, I got your home address.

Hiiiii

1

13:40 whats that finish command 🤔🤔 can anyone explain?

I love your content, but calling things a "gimmick" when they're far from it... that's... grating. :(