FOCA Online - Informática 64 | Cyber Byt
FOCA examines the metadata in documents, which reveals a wealth of the document, e-mail address, internal IP (Internet Protocol) addresses and much more. Alonso, a security researcher with Informatica64, a Spanish consultancy. to see if a particular computer or user has up-to-date patches. FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents its. Informatica64 release Forensic FOCA (Fingerprinting Organizations with This makes it possible to quickly view the events of a certain date. image of his Girl Friend, which included a gloating message to his online victims.
This metadata can give us insight into such information as the users could be critical in cracking passwordsoperating system exploits are OS-specificemail addresses possibly for social engineeringthe software used once again, exploits are OS- and more and more often, application-specificand if we are really lucky, passwords.
The first task we need to do is to start a new project and then tell FOCA where we want to save our results.
Click on image to enlarge. I created a new directory at c: Of course, you can save your results wherever is convenient for you, or use the default temp directory. Create a Project In this tutorial, I will be starting with a project named after the information security training company, SANS, which is located at sans.
Powerful tool to scour document metadata updated
Getting the Metadata Once I create my project, I can go to the object explorer to the far left and select Metadata. This enables us to pull the metadata from the files on the website that contain metadata. When you select metadata, you will pull up a screen like that below.
In our case here, we will be searching sans.
When I hit the Search button next to the window, it will begin to search and find all the. Of course, if you were searching for. You can also search for multiple filetypes by listing them after filetype, such as: I chose to download all the. Microsoft's Office files collect significant amounts of data as they are being created and edited that we can then extract. However, due to the nature of the Metashield Analyzer service, you acknowledge and accept that once the service has been totally executed, you will have lost your right to withdrawal.
The techniques used to this end are: Each link is analyzed to extract from it new host and domain names. To perform this task as accurately as possible, the analysis is carried out against a DNS that is internal to the organization.
Common names This module is designed to carry out dictionary attacks against the DNS.
HolisticInfoSec™: More on OSINT with FOCA in toolsmith
It uses a text file containing a list of common host names such as ftp, pc01, pc02, intranet, extranet, internal, test, etc. DNS Prediction Used for those environments where a machine name has been discovered that is reason to suspect that a pattern is used in the naming system. Robtex The Robtex service is one of many services available on the Internet to analyze IP addresses and domain names. FOCA uses it in its attempt to discover new domains by searching the information available in Robtext on the latter.
Today, it has become a reference in the computer security sector due to the many options it includes. Thanks to the aforementioned FOCA options, it is possible to undertake multiple attacks and analysis techniques such as: