Definition of Forensics
What is Forensics?
Computer forensics is the process of investigating data processing equipment (typically a home computer, laptop, server, or office workstation) to determine whether the equipment has been used for illegal, unauthorized, or unusual activities. It can also include monitoring a network for the same purpose.
Forensics
Know Your Enemy: A Forensic Analysis
This paper is a continuation of the Know Your Enemy series. The first three papers covered the tools and tactics of the black-hat community. This paper, the fourth of the series, studies, step by step, a successful attack on a system. However, instead of focusing on the tools and tactics used, we will focus on how we learned what happened and pieced the information together. The purpose is to give you the forensic skills necessary to analyze and learn on your own the threats your organization faces. There is also an online, interactive version of this paper published by MSNBC.
Read the Article
Autopsy of a successful intrusion (well, two actually)
This paper consists of the recollection and analysis of two network intrusions that I have performed as part of my duties as a computer security consultant. The name of the company I worked for, as well as the customers that I hacked into, will remain anonymous for obvious reasons. The goal of this paper is to show real-life cases of what computer security looks like in the wild, in corporate environments. I will try to outline the principal reasons why these intrusions were successful, and why this kind of performance could be achieved by almost anybody, putting whole networks at risks that their owners don't even begin to realize yet.
Read the Article
Footprints in the Sand: Fingerprinting Exploits in System and Application Log Files
This paper will focus on the identification of the footprints that exploits leave in system log files and what they mean, as well as the most common traces that some recent exploits leave. It is hoped that this discussion will help to create a set of methodologies for readers to follow when conducting incident response and forensic analysis, thereby introducing readers to the world of forensic analysis using system and application log files as an evidentiary resource in place of intrusion detection systems.
Read the Article
IDS Logs in Forensics Investigations: An Analysis of a Compromised Honeypot
An attacker has compromised a Sun Solaris server on a production network using an exploit for the dtspcd service in CDE, a Motif-based graphical user environment for Unix systems. You are the senior security engineer of the Security Operations Center (SOC) for your company and are required to find out how the box was compromised and by whom. Using only a Snort binary capture file from the remote log server, you are to conduct a complete analysis of all IDS captures and log files, and an inspection of the file system.
Read the Article
Digital Media Forensics
The area of digital media forensics is not just the art of finding deleted or hidden data; it is also the understanding of the underlying technologies behind the various tools used and the ability to present scientifically valid information. Digital media forensics is a growing science that governmental agencies have long practiced, with the commercial sector not far behind. Many governmental agencies are far ahead of most companies when it comes to searching, seizing, and analyzing information systems and the proper accountability of digital evidence.
Read the Article
Detailed Forensic Procedure for Laptop Computers
Forensic analysis is the process of accurately documenting and interpreting information for presentation to an authoritative group. In most situations that group would be a court of law, but management will often request forensic preservation of information as well. Due to the easily changeable nature of digital information, great care must be put into the handling of any forensic analysis. Evidence-grade information must be unbiased and complete before it can be relied upon. Not only must the data be collected, but the original media must also be preserved. Furthermore, it is necessary to record the state of the computer that produced the data. Laptop computers present additional technical issues. The hardware in a laptop computer has typically been modified for energy preservation and size. These modifications can frustrate a forensic examiner's normal use of tools and procedures. This document will discuss what forensic analysis is and why it is important.
Read the Article
Forced Evolution of Security on Redhat Linux Server due to System Compromise
This practical assignment describes my experiences in setting up the office computer network system for a small engineering company in Hong Kong and my experiences of handling the system when it was compromised. I will outline the setup of the original server, highlight the mistakes made in the configuration, and review the impact of these errors. I will demonstrate an effective review of these mistakes and show how a change in implementation, driven by research and training in systems security, helped to rectify the situation and implement a more robust and dependable system. The final sections will review the current status and look at future methods of improving the security of the system, balancing these against the time and cost of implementing them. In conclusion, I will summarize the mistakes made and outline the lessons learned.
Read the Article
Silicon Graphics IRIX Sanitization Overwrite Procedures
Maintaining the confidentiality of sensitive information is a fundamental mission of a computer security program. Ensuring that sensitive information is securely removed from computer media prior to release is a critical layer of security. This document references a United States Department of Defense three-pass overwrite standard and then describes procedures that are used to overwrite media according to that standard using the Silicon Graphics Incorporated IRIX operating system "FX" utility. The basic operation of this low-level disk exerciser utility is discussed, including alternatives and other ancillary risk management considerations. Then specific direction and visual aids are provided to instruct the reader how to set the correct pattern for each overwrite pass, how to write that pattern over all addressable locations, and how to verify that the overwrite performed correctly.
Read the Article
Deleting Sensitive Information: Why Hitting Delete Isn't Enough
This article intends to show that the deletion of files cannot be left to the delete key if those files are supposed to be disposed of securely. It proves how simply files can be recovered under both Windows and Linux if the necessary security policy has not been extended to include the deletion of sensitive data. Popular techniques from each OS will be highlighted, and procedures shown for recovering a deleted file. The article will then show how to securely delete a file so that current software tools cannot recover it. The article also touches on more advanced techniques, beyond the means of most end users, that can recover even the most securely deleted files, proving just how difficult it can be to remove data without leaving a trace of it behind.
Read the Article
Analysis of a Secure Time Stamp Device
This paper discusses the design of a Secure Time Stamp device used to securely timestamp digital data, such as computer documents, files, and raw binary data of arbitrary format. The device is used to prove two facts: existence (that a file existed on a given date and time) and data integrity (that the file has not been altered since the time it was stamped). These two facts are essential for a number of purposes, including but not limited to: gathering and registering binary data to be used as forensic evidence (computer files, memory dumps, packet recorder data, security analysis logs, etc.); electronically "notarizing" the date and time of inventions and other time-critical documents (business plans, intellectual property, engineering documents, source code, contracts, etc.); and generating secure audit logs for financial transactions, crypto key generation and management, system management, etc.
Read the Article