课程: Deep Dive into Open-Source Intelligence

Finding deleted information in web archives

课程: Deep Dive into Open-Source Intelligence

开始一个月试用

Finding deleted information in web archives

- [Instructor] When I was a kid I often dreamed about having a time machine. I thought it'd be awesome to travel back in time, get do-overs, and explore alternate times. I revisited this dream early in my penetration testing career when I came across a target's website with sensitive information. A couple of days later, I went back to the bookmarked URL to take a screenshot and the information was gone. I was so upset with myself that I hadn't captured the information on the target's website before it was removed. It wasn't until later in my career when an attorney told me about the Wayback Machine. This attorney was able to use an internet time machine to go back in time and take screenshots, giving them the evidence they needed before it was deleted on websites. Archive.org, or the Wayback Machine, is an online archive of the internet founded in 2001 by the Internet Archive, which is a nonprofit organization based out of San Francisco, California. The Wayback Machine stores petabytes of data containing hundreds of billions of web pages at different points in time. The OSINT value contained in the Wayback Machine is tremendous. We have the power to visit websites at different points in time and see deleted information. The possibilities are endless, but imagine being able to visit your target's website before they had a security team. Once the organization is large enough to have an Information Security Team, a lot of mistakes and sensitive information being disclosed will be cleaned up. But by using the Wayback Machine, you have the opportunity to go back in time and collect the information before it's removed from your target's website. While the Wayback Machine is often the most lucrative tool to discover historical website information, there have been times when I've come across websites that were not archived or the frequency between archives was too long to obtain useful information. In the unique situation where you need a more current version of the website or the original site has been taken down, it's worth checking out search engine caches. Search engine cache will show what a website looked like the last time a web crawler indexed the website. Most people don't realize what's on the internet really does live forever. Whether you use the Wayback Machine or a search engine cache, there's plenty of deleted mistakes that can be found on the internet during your OSINT investigation.

内容