MongoDB
What type of attacks?
Forensic Value:
File Location:
/etc/mongod.conf - Default config
/var/log/mongodb/mongodb.log - Default log location
/data/db - Default DB location
/var/lib/mongodb - Possible DB location
Parse Data:
Considerations:
At the default logging level (0), queries are not tracked.
Analysis Tips:
Look for the headers of tools to determine what the threat actor (TA) was connecting with.
mongodump is a utility that creates a binary export of a database's contents. mongodump can export data.
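One way to apply the tool-header tip, as an added example that is not part of the original page: the script pulls the "client metadata" entries out of a mongod log and lists which tool each remote address identified itself as, flagging mongodump. It assumes the log is in the structured JSON format used by MongoDB 4.4 and later; the sample lines, addresses and function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample lines (MongoDB 4.4+ structured JSON log format assumed).
SAMPLE_LOG = r'''
{"t":{"$date":"2024-01-10T03:12:44.101+00:00"},"s":"I","c":"NETWORK","id":51800,"ctx":"conn7","msg":"client metadata","attr":{"remote":"203.0.113.25:50122","client":"conn7","doc":{"application":{"name":"mongodump"},"driver":{"name":"mongo-go-driver","version":"v1.11.0"},"os":{"type":"linux"}}}}
{"t":{"$date":"2024-01-10T03:12:45.000+00:00"},"s":"I","c":"NETWORK","id":22944,"ctx":"conn7","msg":"Connection ended","attr":{"remote":"203.0.113.25:50122","connectionCount":1}}
{"t":{"$date":"2024-01-10T08:30:02.517+00:00"},"s":"I","c":"NETWORK","id":51800,"ctx":"conn9","msg":"client metadata","attr":{"remote":"10.0.0.5:41822","client":"conn9","doc":{"driver":{"name":"PyMongo","version":"4.6.1"},"os":{"type":"Linux"}}}}
2024-01-10T08:31:00.000+0000 I NETWORK  [conn3] legacy plain-text line, skipped
'''

EXPORT_TOOLS = {"mongodump"}  # tool named on this page; extend as needed

def client_metadata(lines):
    """Yield one dict per "client metadata" log entry."""
    for line in lines:
        line = line.strip()
        if not line.startswith("{"):
            continue  # not a structured log line
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or damaged line
        if entry.get("msg") != "client metadata":
            continue
        attr = entry.get("attr", {})
        doc = attr.get("doc", {})
        app = doc.get("application", {}).get("name")
        yield {
            "time": entry.get("t", {}).get("$date"),
            "remote_ip": attr.get("remote", "").rsplit(":", 1)[0],
            # Fall back to the driver name when no application name was sent.
            "tool": app or doc.get("driver", {}).get("name", "unknown"),
        }

def tools_by_source(lines):
    """Map each remote IP to the sorted list of client tools it used."""
    seen = defaultdict(set)
    for hit in client_metadata(lines):
        seen[hit["remote_ip"]].add(hit["tool"])
    return {ip: sorted(tools) for ip, tools in seen.items()}

def export_tool_hits(lines):
    """Return the entries whose client identified itself as an export tool."""
    return [h for h in client_metadata(lines) if h["tool"] in EXPORT_TOOLS]

if __name__ == "__main__":
    sample = SAMPLE_LOG.splitlines()
    print(tools_by_source(sample))
    for hit in export_tool_hits(sample):
        print("export tool:", hit)
```

To run it against a real log, pass the open file object in place of the sample lines, for example `tools_by_source(open("/var/log/mongodb/mongodb.log"))`.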
Anti-Forensics:
Clearing logs