MongoDB

What type of attacks?

Forensic Value:

File Location:

  • /etc/mongod.conf

    • Default config file

  • /var/log/mongodb/mongodb.log

    • Default log location

  • /data/db

    • Default DB location

  • /var/lib/mongodb

    • Possible DB location

Parse Data:

Considerations:

  • At the default log verbosity (level 0), individual queries are not recorded in the log; do not expect a full query history from the default configuration.

Analysis Tips:

  • Look for the client metadata that MongoDB logs when a connection is opened (driver name and version, OS, application name) to determine what tool the TA was connecting with.

mongodump is the MongoDB utility that creates a binary export of a database's contents, so evidence of it (in the connection metadata or as dump output on disk) indicates that data was exported.
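The two tips above (tool identification from connection metadata, and the fact that only slow operations are recorded at default verbosity) can be checked together against a MongoDB 4.4+ structured log. The following is an added example, not code from the original page: it parses the JSON log format, maps each connection to the client metadata the driver sent, collects the "Slow query" entries, and flags connections from bulk export tools. The log lines are constructed samples that follow the 4.4+ field layout; the assumption that a tool such as mongodump identifies itself in the `application.name` field is labelled in the code, since a client can omit or spoof that value.

```python
"""Triage a MongoDB 4.4+ JSON log for connecting tools and recorded operations.
Added example; the sample log lines are constructed, not taken from a real system."""
import json

# Constructed sample lines in the MongoDB 4.4+ structured log format.
SAMPLE_LOG = r"""
{"t":{"$date":"2024-01-10T10:15:01.123+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"203.0.113.5:51234","connectionId":12,"connectionCount":3}}
{"t":{"$date":"2024-01-10T10:15:01.130+00:00"},"s":"I","c":"NETWORK","id":51800,"ctx":"conn12","msg":"client metadata","attr":{"remote":"203.0.113.5:51234","client":"conn12","doc":{"application":{"name":"mongodump"},"driver":{"name":"mongo-go-driver","version":"1.11.0"},"os":{"type":"linux","architecture":"amd64"},"platform":"go1.19"}}}
{"t":{"$date":"2024-01-10T10:15:09.901+00:00"},"s":"I","c":"COMMAND","id":51803,"ctx":"conn12","msg":"Slow query","attr":{"type":"command","ns":"customers.records","command":{"find":"records","filter":{}},"planSummary":"COLLSCAN","docsExamined":250000,"nreturned":250000,"durationMillis":842}}
{"t":{"$date":"2024-01-10T10:16:00.000+00:00"},"s":"I","c":"NETWORK","id":51800,"ctx":"conn13","msg":"client metadata","attr":{"remote":"10.0.0.8:40000","client":"conn13","doc":{"application":{"name":"inventory-api"},"driver":{"name":"PyMongo","version":"4.6.0"},"os":{"type":"Linux"}}}}
{"t":{"$date":"2024-01-10T10:17:00.000+00:00"},"s":"I","c":"NETWORK","id":22944,"ctx":"conn12","msg":"Connection ended","attr":{"remote":"203.0.113.5:51234","connectionId":12,"connectionCount":2}}
"""

# Assumption: the connecting tool reports its own name in application.name.
# A client may omit or spoof this, so treat a match as a lead, not proof.
BULK_EXPORT_TOOLS = {"mongodump", "mongoexport"}


def parse_log(text):
    """Yield one dict per valid JSON log line; blank or malformed lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue  # pre-4.4 plain-text lines or truncated entries are not handled here


def connecting_clients(entries):
    """Map each connection context (e.g. 'conn12') to the metadata its driver sent."""
    clients = {}
    for e in entries:
        if e.get("c") == "NETWORK" and e.get("msg") == "client metadata":
            doc = e["attr"].get("doc", {})
            clients[e["ctx"]] = {
                "time": e["t"]["$date"],
                "remote": e["attr"].get("remote"),
                "application": doc.get("application", {}).get("name"),
                "driver": doc.get("driver", {}).get("name"),
                "driver_version": doc.get("driver", {}).get("version"),
            }
    return clients


def slow_queries(entries):
    """At default verbosity, 'Slow query' entries are the only per-operation records."""
    return [
        {
            "ctx": e["ctx"],
            "ns": e["attr"].get("ns"),
            "ms": e["attr"].get("durationMillis"),
            "returned": e["attr"].get("nreturned"),
            "plan": e["attr"].get("planSummary"),
        }
        for e in entries
        if e.get("c") == "COMMAND" and e.get("msg") == "Slow query"
    ]


def triage(text):
    """Correlate connections with their slow operations and flag bulk export tools."""
    entries = list(parse_log(text))
    clients = connecting_clients(entries)
    ops = slow_queries(entries)
    findings = []
    for ctx, c in clients.items():
        if c["application"] in BULK_EXPORT_TOOLS:
            findings.append({
                "ctx": ctx,
                "remote": c["remote"],
                "tool": c["application"],
                "ops": [o for o in ops if o["ctx"] == ctx],
            })
    return {"clients": clients, "slow_queries": ops, "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ctx, c in result["clients"].items():
        print(f"{ctx} {c['remote']} app={c['application']} "
              f"driver={c['driver']}/{c['driver_version']} at {c['time']}")
    for f in result["findings"]:
        print("FLAG", f["tool"], "from", f["remote"], "ops:", f["ops"])
```

Run it against a real `/var/log/mongodb/mongodb.log` by passing the file contents to `triage()`. Connections whose metadata is missing from the log (a client that sent none, or a log that was cleared, as under Anti-Forensics below) will show up only through their `Slow query` entries, which is why correlating by the `ctx` field matters.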

Anti-Forensics:

  • Clearing logs
