INCIDENT RESPONSE & COMPUTER FORENSICS, SECOND EDITION
Chris Prosise
Kevin Mandia
McGraw-Hill/Osborne
New York  Chicago  San Francisco  Lisbon  London  Madrid  Mexico City  Milan  New Delhi  San Juan  Seoul  Singapore  Sydney  Toronto

CONTENTS

Foreword  xxi
Acknowledgments  xxiii
Introduction  xxv

Chapter 1  Real-World Incidents  3
    Factors Affecting Response  4
    International Crime  5
    Welcome to Invita  5
    The PathStar Conspiracy  6
    Traditional Hacks  7
    So What?  9

Chapter 2  Introduction to the Incident Response Process  11
    What Is a Computer Security Incident?  12
    What Are the Goals of Incident Response?  13
    Who Is Involved in the Incident Response Process?  13
    Incident Response Methodology  14
    Pre-Incident Preparation  16
    Detection of Incidents  17
    Initial Response  18
    Formulate a Response Strategy  20
    Investigate the Incident  24
    Reporting  30
    Resolution  31
    So What?  32
    Questions  32

Chapter 3  Preparing for Incident Response  33
    Overview of Pre-incident Preparation  34
    Identifying Risk  35
    Preparing Individual Hosts  36
    Recording Cryptographic Checksums of Critical Files
    Increasing or Enabling Secure Audit Logging  39
    Building Up Your Host's Defenses  46
    Backing Up Critical Data  47
    Educating Your Users about Host-Based Security  48
    Preparing a Network  49
    Installing Firewalls and Intrusion Detection Systems
    Using Access Control Lists on Your Routers  50
    Creating a Network Topology Conducive to Monitoring  50
    Encrypting Network Traffic  52
    Requiring Authentication  52
    Establishing Appropriate Policies and Procedures  53
    Determining Your Response Stance  54
    Understanding How Policies Can Aid Investigative Steps  56
    Developing Acceptable Use Policies  63
    Designing AUPs  64
    Developing Incident Response Procedures  66
    Creating a Response Toolkit  66
    The Response Hardware  67
    The Response Software  68
    The Networking Monitoring Platform  68
    Documentation  69
    Establishing an Incident Response Team  69
    Deciding on the Team's Mission  69
    Training the Team  70
    So What?  73
    Questions  73

Chapter 4  After Detection of an Incident  75
    Overview of the Initial Response Phase  76
    Obtaining Preliminary Information  77
    Documenting Steps to Take  77
    Establishing an Incident Notification Procedure  77
    Recording the Details after Initial Detection  78
    Initial Response Checklists  78
    Case Notes  80
    Incident Declaration  80
    Assembling the CSIRT  81
    Determining Escalation Procedures  82
    Implementing Notification Procedures  83
    Scoping an Incident and Assembling the Appropriate Resources  84
    Performing Traditional Investigative Steps  86
    Conducting Interviews  87
    Getting Contact Information  88
    Interviewing System Administrators  88
    Interviewing Managers  89
    Interviewing End Users  90
    Formulating a Response Strategy  90
    Response Strategy Considerations  90
    Policy Verification  91
    So What?  92
    Questions  92

Chapter 5  Live Data Collection from Windows Systems  95
    Creating a Response Toolkit  96
    Gathering the Tools  97
    Preparing the Toolkit  98
    Storing Information Obtained during the Initial Response  100
    Transferring Data with netcat  100
    Encrypting Data with cryptcat  102
    Obtaining Volatile Data  103
    Organizing and Documenting Your Investigation  103
    Collecting Volatile Data  104
    Scripting Your Initial Response  114
    Performing an In-Depth Live Response  115
    Collecting the Most Volatile Data  115
    Creating an In-Depth Response Toolkit  115
    Collecting Live Response Data  116
    Is Forensic Duplication Necessary?  123
    So What?  123
    Questions  124

Chapter 6  Live Data Collection from Unix Systems  125
    Creating a Response Toolkit  126
    Storing Information Obtained During the Initial Response
    Obtaining Volatile Data Prior to Forensic Duplication  128
    Collecting the Data  128
    Scripting Your Initial Response  137
    Performing an In-Depth, Live Response  138
    Detecting Loadable Kernel Module Rootkits  138
    Obtaining the System Logs During Live Response  140
    Obtaining Important Configuration Files  141
    Discovering Illicit Sniffers on Unix Systems  141
    Reviewing the /proc File System  144
    Dumping System RAM  147
    So What?  148
    Questions

Chapter 7  Forensic Duplication  151
    Forensic Duplicates As Admissible Evidence  152
    What Is a Forensic Duplicate?  153
    What Is a Qualified Forensic Duplicate?  153
    What Is a Restored Image?  153
    What Is a Mirror Image?  154
    Forensic Duplication Tool Requirements  155
    Creating a Forensic Duplicate of a Hard Drive  157
    Duplicating with dd and dcfldd  157
    Duplicating with the Open Data Duplicator (ODD)  159
    Creating a Qualified Forensic Duplicate of a Hard Drive  163
    Creating a Boot Disk  163
    Creating a Qualified Forensic Duplicate with SafeBack
    Creating a Qualified Forensic Duplicate with EnCase
    So What?  172
    Questions  172

Chapter 8  Collecting Network-based Evidence  173
    What Is Network-based Evidence?  174
    What Are the Goals of Network Monitoring?  174
    Types of Network Monitoring  175
    Event Monitoring  175
    Trap-and-Trace Monitoring  175
    Full-Content Monitoring  176
    Setting Up a Network Monitoring System  177
    Determining Your Goals  177
    Choosing Appropriate Hardware  178
    Choosing Appropriate Software  180
    Deploying the Network Monitor  184
    Evaluating Your Network Monitor  185
    Performing a Trap-and-Trace  186
    Initiating a Trap-and-Trace with tcpdump  187
    Performing a Trap-and-Trace with WinDump  188
    Creating a Trap-and-Trace Output File  190
    Using tcpdump for Full-Content Monitoring  190
    Filtering Full-Content Data  191
    Maintaining Your Full-Content Data Files  192
    Collecting Network-based Log Files  193
    So What?  194
    Questions  194

Chapter 9  Evidence Handling  197
    What Is Evidence?  198
    The Best Evidence Rule  198
    Original Evidence  199
    The Challenges of Evidence Handling  199
    Authentication of Evidence  200
    Chain of Custody  200
    Evidence Validation  201
    Overview of Evidence-Handling Procedures  202
    Evidence System Description  203
    Digital Photos  203
    Evidence Tags  205
    Evidence Labels  207
    Evidence Storage  207
    The Evidence Log  210
    Working Copies  211
    Evidence Backups  211
    Evidence Disposition  212
    Evidence Custodian Audits  212
    So What?  213
    Questions  213

Chapter 10  Computer System Storage Fundamentals  217
    Hard Drives and Interfaces  218
    The Swiftly Moving ATA Standard  218
    SCSI (Not Just a Bad-Sounding Word)  223
    Preparation of Hard Drive Media  227
    Wiping Storage Media  227
    Partitioning and Formatting Storage Drives  228
    Introduction to File Systems and Storage Layers  231
    The Physical Layer  232
    The Data Classification Layer  233
    The Allocation Units Layer  234
    The Storage Space Management Layer  234
    The Information Classification and Application-level Storage Layers  236
    So What?  236
    Questions  237

Chapter 11  Data Analysis Techniques  239
    Preparation for Forensic Analysis  240
    Restoring a Forensic Duplicate  241
    Restoring a Forensic Duplication of a Hard Disk  241
    Restoring a Qualified Forensic Duplication of a Hard Disk  244
    Preparing a Forensic Duplication for Analysis In Linux  248
    Examining the Forensic Duplicate File  249
    Associating the Forensic Duplicate File with the Linux Loopback Device  250
    Reviewing Image Files with Forensic Suites  253
    Reviewing Forensic Duplicates in EnCase  253
    Reviewing Forensic Duplicates in the Forensic Toolkit
    Converting a Qualified Forensic Duplicate to a Forensic Duplicate  257
    Recovering Deleted Files on Windows Systems  260
    Using Windows-Based Tools To Recover Files on FAT File Systems  260
    Using Linux Tools To Recover Files on FAT File Systems
    Running Autopsy as a GUI for File Recovery  264
    Using Foremost to Recover Lost Files  268
    Recovering Deleted Files on Unix Systems  271
    Recovering Unallocated Space, Free Space, and Slack Space
    Generating File Lists  278
    Listing File Metadata  278
    Identifying Known System Files  282
    Preparing a Drive for String Searches  282
    Performing String Searches  284
    So What?  288
    Questions  289

Chapter 12  Investigating Windows Systems  291
    Where Evidence Resides on Windows Systems  292
    Conducting a Windows Investigation  293
    Reviewing All Pertinent Logs  294
    Performing Keyword Searches  302
    Reviewing Relevant Files  303
    Identifying Unauthorized User Accounts or Groups  320
    Identifying Rogue Processes  320
    Looking for Unusual or Hidden Files  321
    Checking for Unauthorized Access Points  323
    Examining Jobs Run by the Scheduler Service  326
    Analyzing Trust Relationships  327
    Reviewing Security Identifiers (SIDs)  328
    File Auditing and Theft of Information  328
    Handling the Departing Employee  331
    Reviewing Searches and Files Used  332
    Conducting String Searches on Hard Drives  332
    So What?  333
    Questions  333

Chapter 13  Investigating Unix Systems  335
    An Overview of the Steps in a Unix Investigation  336
    Reviewing Pertinent Logs  337
    Network Logging  337
    Host Logging  340
    User Activity Logging  341
    Performing Keyword Searches  342
    String Searches with grep  343
    File Searches with find  344
    Reviewing Relevant Files  344
    Incident Time and Time/Date Stamps  345
    Special Files  347
    Identifying Unauthorized User Accounts or Groups  350
    User Account Investigation  350
    Group Account Investigation  351
    Identifying Rogue Processes  351
    Checking for Unauthorized Access Points  352
    Analyzing Trust Relationships  352
    Detecting Trojan Loadable Kernel Modules  353
    LKMs on Live Systems  354
    LKM Elements  354
    LKM Detection Utilities  355
    So What?  358
    Questions

Chapter 14  Analyzing Network Traffic  359
    Finding Network-Based Evidence  360
    Tools for Network Traffic Analysis  360
    Reviewing Network Traffic Collected with tcpdump
    Generating Session Data with tcptrace  362
    Parsing a Capture File  362
    Interpreting the tcptrace Output  363
    Using Snort to Extract Event Data  364
    Checking for SYN Packets  365
    Interpreting the Snort Output  369
    Reassembling Sessions Using tcpflow  369
    Focusing on FTP Sessions  369
    Interpreting the tcpflow Output  370
    Reviewing SSH Sessions  374
    Reassembling Sessions Using Ethereal  376
    Refining tcpdump Filters  378
    So What?  379
    Questions

Chapter 15  Investigating Hacker Tools  385
    What Are the Goals of Tool Analysis?  386
    How Files Are Compiled  386
    Statically Linked Programs  387
    Dynamically Linked Programs  387
    Programs Compiled with Debug Options  387
    Stripped Programs  389
    Programs Packed with UPX  389
    Compilation Techniques and File Analysis  392
    Static Analysis of a Hacker Tool  394
    Determining the Type of File  394
    Reviewing the ASCII and Unicode Strings  395
    Performing Online Research  397
    Performing Source Code Review  398
    Dynamic Analysis of a Hacker Tool  399
    Creating the Sandbox Environment  399
    Dynamic Analysis on a Unix System  401
    Dynamic Analysis on a Windows System  409
    So What?  413
    Questions  413

Chapter 16  Investigating Routers  415
    Obtaining Volatile Data Prior to Powering Down  416
    Establishing a Router Connection  417
    Recording System Time  417
    Determining Who Is Logged On  417
    Determining the Router's Uptime  418
    Determining Listening Sockets  419
    Saving the Router Configuration  420
    Reviewing the Routing Table  421
    Checking Interface Configurations  422
    Viewing the ARP Cache  423
    Finding the Proof  423
    Handling Direct-Compromise Incidents  423
    Handling Routing Table Manipulation Incidents  425
    Handling Theft of Information Incidents  426
    Handling Denial-of-Service (DoS) Attacks  426
    Using Routers as Response Tools  428
    Understanding Access Control Lists (ACLs)  428
    Monitoring with Routers  430
    Responding to DDoS Attacks  431
    So What?  433
    Questions  433

Chapter 17  Writing Computer Forensic Reports  435
    What Is a Computer Forensics Report?  436
    What Is an Expert Report?  436
    Report Goals  437
    Report Writing Guidelines  439
    Document Investigative Steps Immediately and Clearly
    Know the Goals of Your Analysis  440
    Organize Your Report  441
    Follow a Template  441
    Use Consistent Identifiers  441
    Use Attachments and Appendixes  442
    Have Co-workers Read Your Reports  442
    Use MD5 Hashes  443
    Include Metadata  443
    A Template for Computer Forensic Reports  444
    Executive Summary  445
    Objectives  445
    Computer Evidence Analyzed  446
    Relevant Findings  447
    Supporting Details  448
    Investigative Leads  451
    Additional Report Subsections  451
    So What?  452
    Questions  453

Appendix A  Answers to Questions  457
Appendix B  Incident Response Forms  481
Index  491
More informationGuide to Computer Forensics and Investigations, Second Edition
Guide to Computer Forensics and Investigations, Second Edition Chapter 12 Network Forensics Objectives Understand Internet fundamentals Understand network basics Acquire data on a Linux computer Guide
More informationNetwork/Internet Forensic and Intrusion Log Analysis
Course Introduction Enterprises all over the globe are compromised remotely by malicious hackers each day. Credit card numbers, proprietary information, account usernames and passwords, and a wealth of
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationDigital Forensic Techniques
Digital Forensic Techniques Namrata Choudhury, Sr. Principal Information Security Analyst, Symantec Corporation Professional Techniques T23 CRISC CGEIT CISM CISA AGENDA Computer Forensics vs. Digital Forensics
More informationGSEC GIAC Security. Essentials Certification ONE ALL IN EXAM GUIDE. Ric Messier. Singapore Sydney Toronto
ALL IN ONE GSEC GIAC Security Essentials Certification EXAM GUIDE Ric Messier New York Chicago San Francisco Athens London Madrid Mexico City Milan New Delhi Singapore Sydney Toronto "4 McGraw-Hill Education
More informationWhere is computer forensics used?
What is computer forensics? The preservation, recovery, analysis and reporting of digital artifacts including information stored on computers, storage media (such as a hard disk or CD-ROM), an electronic
More informationComputer Forensics Basics, First Responder, Collection of Evidence
May 7, 2008 1 Computer Forensics Basics, First Responder, Collection of Evidence Omveer Singh Joint Director / Scientist D omveer@cert-in.org.in Indian Computer Emergency Response Team (CERT-In) Department
More informationCompTIA Security+ (Exam SY0-410)
CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate
More informationDesign and Implementation of a Live-analysis Digital Forensic System
Design and Implementation of a Live-analysis Digital Forensic System Pei-Hua Yen Graduate Institute of Information and Computer Education, National Kaohsiung Normal University, Taiwan amber8520@gmail.com
More informationNetworking. Sixth Edition. A Beginner's Guide BRUCE HALLBERG
Networking A Beginner's Guide Sixth Edition BRUCE HALLBERG Mc Graw Hill Education New York Chicago San Francisco Athens London Madrid Mexico City Milan New Delhi Singapore Sydney Toronto Contents Acknowledgments
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationDescription: Objective: Attending students will learn:
Course: Introduction to Cyber Security Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: In 2014 the world has continued to watch as breach after breach results in millions of
More informationGuideline Model for Digital Forensic Investigation
Guideline Model for Digital Forensic Investigation Salma Abdalla Information Technology Industry Development Agency (ITIDA) salma@mcit.gov.eg Sherif Hazem Faculty of Engineering, Arab Academy for Science
More informationDigital Forensics. Module 4 CS 996
Digital Forensics Module 4 CS 996 Hard Drive Forensics Acquisition Bit for bit copy Write protect the evidence media EnCase for DOS Safeback (NTI: www.forensics-intl.com) Analysis EnCase FTK (www.accessdata.com)
More informationNETWORK SECURITY HACKS *
NETWORK SECURITY HACKS * Andrew %pckhart Ji O'REILLY* Beijing Cambridge Farnham Koln Paris Sebastopol Taipei Tokyo Contents Credits Preface ix xi Chapter 1. Unix Host Security 1 1. Secure Mount Points
More informationIntroduction p. 2. Introduction to Information Security p. 1. Introduction
Introduction p. xvii Introduction to Information Security p. 1 Introduction p. 2 What Is Information Security? p. 3 Critical Characteristics of Information p. 4 CNSS Security Model p. 5 Securing Components
More informationContents. Assessing Social Media Security. Chapter! The Social Media Security Process 3
Securing the Clicks: Network Security in the Age of Social Media Gary Bahadur Jason I nasi Alex de Carvalho Mc ssr New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan
More informationLoophole+ with Ethical Hacking and Penetration Testing
Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said,
More informationAn overview of IT Security Forensics
An overview of IT Security Forensics Manu Malek, Ph.D. Stevens Institute of Technology mmalek@ieee.org www.cs.stevens.edu/~mmalek April 2008 IEEE Calif. 1 Outline Growing Threats/Attacks Need for Security
More informationFord ANX Troubleshooting Procedure for use by Trading Partners
Ford AX Troubleshooting Procedure for use by Trading Partners Step 1: Verify Internal Routing on Trading Partner etwork Verify packets are routing correctly through Trading Partner LA/WA and Trading Partner
More informationReview Quiz 1. What is the stateful firewall that is built into Mac OS X and Mac OS X Server?
----------------------------- Chapter 1 PLANNING SYSTEM 1. What is the formal definition of utilization? 2. Name the common units in which heat load is measured. 3. What is the easiest way to determine
More informationBUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports
BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security
More informationCourse Title: Computer Forensic Specialist: Data and Image Files
Course Title: Computer Forensic Specialist: Data and Image Files Page 1 of 9 Course Description The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute
More informationApplication Intrusion Detection
Application Intrusion Detection Drew Miller Black Hat Consulting Application Intrusion Detection Introduction Mitigating Exposures Monitoring Exposures Response Times Proactive Risk Analysis Summary Introduction
More information