search

MongoDB

hashtag
What type of attacks?

LogoRansomware resistance in ProvenDBMediumchevron-right

hashtag
Forensic Value:

hashtag
File Location:

  • /etc/mongod.conf

    • Default config

  • /var/log/mongodb/mongodb.log

    • Default log location

  • /data/db

    • default DB location

  • /var/lib/mongodb

    • possible DB location

hashtag
Parse Data:

hashtag
Considerations:

  • Default logging (0) does not track queries by default.

hashtag
Analysis Tips:

  • Look for the headers of tools to determine what the TA was connecting with.

Logomongodump - Database Tools - MongoDB Docsmongodbchevron-right

mongodump is a utility that creates a binary export of a database's contents. mongodump can export data.

hashtag
Anti-Forensics:

  • Clearing logs

PreviousVeeamNext"TA Tools"

Last updated