800+ IT
News
als RSS Feed abonnieren๐ RdpCacheStitcher - RdpCacheStitcher Is A Tool That Supports Forensic Analysts In Reconstructing Useful Images Out Of RDP Cache Bitmaps
๐ก Newskategorie: IT Security Nachrichten
๐ Quelle: feedproxy.google.com
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps. Using raw RDP cache tile bitmaps extracted by tools like e.g. ANSSI's BMC-Tools (https://github.com/ANSSI-FR/bmc-tools) as input, it provides a graphical user interface and several placement heuristics for stitching tiles together so that meaningful images or even full screenshots can be reconstructed.
- Show hints where a selected tile might fit best visually
- Provide an ordered list of tiles that could best be placed visually for a selected empty cell
- When hovering over a tile, preview how it might look when placed
- Work with multiple screens per case
- Options to exclude already used, non-square or duplicate tiles
- Crop and export all reconstructed images belonging to a case as PNG
- The sub-window with all available tiles is dockable, i.e. it can be its own window and move to a different display
- Keep individual notes per screen
Manual
A complete manual with a description of all features and the workflow for a typical use case can be found in the document RdpCacheStitcher_manual.pdf.
Installing prerequisites and starting RdpCacheStitcher
You can download prebuilt binaries of RdpCacheStitcher for 64bit Linux and Windows at https://github.com/BSI-Bund/RdpCacheStitcher/releases/. For each system you have to install one necessary prerequisite first.
Ubuntu
- Install the package libqt5widgets5:
sudo apt install libqt5widgets5 - Run
RdpCacheStitcher
Windows
- Install the Microsoft Visual C++ 2017 Redistributable (64 bit) package on your Windows machine (https://aka.ms/vs/16/release/vc_redist.x64.exe)
- Unzip the RdpCacheStitcher archive anywhere on your system
- Run
RdpCacheStitcher.exe
Build from source
If you want to build RdpCacheStitcher from source, you need to install the Qt development framework first. Then, simply open the file RdpCacheStitcher.pro in Qt Creator and build the project from there.