Bulk_extractor is a program that extracts features such as email addresses, credit card numbers, URLs, and other types of information from digital evidence files. It is a useful forensic investigation tool for many tasks such as malware and intrusion investigations, identity investigations and cyber investigations, as well as analyzing imagery and pass-word cracking.
- Start Kali Linux and download memdump.mem [512 MB]
- Run bulk_extractor -o bulk wordlist memdump.mem. The results will be placed in the "bulk" folder.
- Run cd bulk and then ls -l you will see a list of files
- Use nano to view the files
- nano domain_histogram.txt. You will see domains visited on this computer and the number of times. You can use ctrl+W to search term, eg. ccsf.edu
- ctrl+X to close nano.
- nano ccn_historam.txt You will see the credit card numbers found.
- nano wordlist.txt. You will see the words and the frequency. Useful for cracking encrypted files.
Note: Copy files from host to VM: you need to shutdown the guest and setup the "shared folder" so VM can access files on a folder on the host. Or you can enable USB on VM so you can access files through USB on guest.
Reference: https://samsclass.info/121/proj/p4-Bulk.htm