Bulk Extractor (BSWR)

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

5 minutes
Video Transcription
hello and welcome to another episode of breaking stuff with Robert. Today we're going to be talking about the bulk extractor tool. So this is a forensics tool that allows you to extract information such as email addresses, credit card numbers, your ills, other types of information
through forensic images or system images.
So we're going to be doing a high level overview of that tool today through our demo and the target. Audiences for this particular tool are going to be like, if your network administrator trying to extract may be sensitive information from a system image that you have really here focused on forensic investigation,
cyber crime investigation, evidence collection, things of that nature.
So tool is going to typically be focused on my private investigators, law enforcement things of that nature.
Now you don't have to have any of the prerequisites is listed here, but it would be good to have a fundamental knowledge of forensic procedures and tools and how those things work and a fundamental knowledge of the Cali Lennox command line and how to utilize that. So, with those things in mind, let's go ahead and jump into our demo.
All right, everybody so today we're looking at bulk extractor, which is a tool again for forensics, and it distracts things from images such as email addresses, credit card numbers, Urals on bit puts it into, or it takes it from a digital evidence file. So in this case,
I'm gonna a menace playable,
v m D K. Here. And I actually ran it through the bulk extractor previously. It's pretty simple. Now. I'm not a forensics. Ah, analyst by trade. I have some experience in forensics, and information is faras like incident response and chain of custody things of that nature. But I don't date today
delve into providing forensics, but
this is definitely advantageous. If you're trying to get information out of an image, you don't wanna have to load the system. Search through everything you know. This could be useful for network administrators, system administrators, technical support, definitely big for law enforcement, cyber crimes investigators, things of that nature.
So essentially what you can do is you can do both and then extractor here and hit enter, and it gives you a number off switches that you can use and things of that nature. Now, what I did earlier was just a simple
Dachau for the output. And this creates a directory. I did bulk out buk out, but I'm not gonna recreate that. I'm gonna do bulk in so that it doesn't override anything.
And then I went to the location of the V M d. K. So in this case, we're doing that menace playable v M v k on. Then it'll run. So I'll just hit Enter here. And it outputs
into that directory that we told it to output into. Now this is going to run. It took a few minutes last time. It was relatively quick. This is a smaller file, but for the sake of time, I'm going to stop this. It will give you an output.
And as I said, um, in this case, it created a broke out directory, says you can see here with that bulk out, which was the previous run. This is broke in as I was demonstrating. And so when I go into bulk out,
as you can see, it pulled all of this information from that image without me ever having to mount or boot the image.
So if I do a nano, uh, e mail, let's see t x t.
Then it shows me all of the e mail addresses that it was able to pull
from the system. So this is just what natively lives on medicine. Plausible.
So this could be very, very useful. If you're trying to collect some information off of an image, maybe you're looking for email. Address is evidence of like going to certain domains. So, you know, in this case, we can do a domain, not t X t
actually shows some domains that we're in here,
you know, your imagination is kind of the limit to this, but there's plenty of that. It does right out of the box. And there's additional, uh,
like keyword searches that you can do with respect to the tool so you can use it to extract again sensitive information. It looks for things like credit card numbers, telephone numbers. You are elves visited and stored passwords from that image,
another information of interest that you can define by word or rejects or some kind of custom parameter that you want to pull from that.
So that's pretty much it in a nutshell, you know, get you an image from maybe, uh, Callie, Or are you know, some image that maybe you've backed up your system or server or something of that nature, and you just want to do some testing with something that's not in production? Did you see what kind of data can pull and maybe promotes and you can use cases from there? So
with that in mind, let's jump back over to our slides.
Well, I hope you enjoy that demo of the bulk extractor tool as we discussed. It's a forensic tool allows you to collect email addresses, credit card numbers, your l's other types of information from both digital evidence files as well. A system images
eso again. I hope you enjoyed the demo. There is definitely a use case, even if you're not in law. Enforcements are very fluent in forensic techniques. On with those things in mind, I want to thank you for your time today, and I look forward to seeing you again soon.