A Case for Forensics Tools in Cross-Domain Data Transfers
Corporate and government organizations' dependence on computers and networks for the storage and movement of data raises significant security issues. Two of these are the movement of data across security domains (cross-domain) and computer reuse. The cross-domain transfer problem must address the contents of the file space as well as the contents of slack and free space. Three options are presented and discussed. One is selected as the most practical and discussed more fully. Since this option involves the use of forensics software, a software tool is selected and its application discussed. The final discussion covers protecting against inadvertent data compromise when reusing or salvaging computers. Forensics software has a role here also.
Forensics on the Windows Platform, Part One
This is the first of a two-part series of articles discussing the use of computer forensics in the examination of Windows-based computers. We discuss the wider legal issues raised by computer forensics and the benefits of pre-investigation preparation.
Forensics on the Windows Platform, Part Two
This is the second of a two-part series of articles discussing the use of computer forensics in the examination of Windows-based computers. In Part One we discussed the wider legal issues raised by computer forensics and the benefits of pre-investigation preparation. In this article we will concentrate on the areas of a Windows file system that are likely to be of most interest to forensic investigators and the software tools that can be used to carry out an investigation.
Freeware Forensics Tools for Unix
This article will discuss three popular freeware forensics tools for the Unix platform: The Coroner's Toolkit (TCT), TCTUtils, and Autopsy Forensic Browser. These tools, when used together, offer a comprehensive solution for forensic data gathering.
Maintaining System Integrity During Forensics
While the use of good judgement may be more art than science, if we keep in mind certain basic principles and remember to think before we act we should give ourselves the best possible chance of a successful forensic outcome. These basic principles are the bedrock upon which any notions of a "best practice" must be constructed and will be the basis of this article.
Reverse Engineering Hostile Code
Computer criminals are always ready and waiting to compromise a weakness in a system. When they do, they usually leave programs on the system to maintain their control. We refer to these programs as "Trojans" after the story of the ancient Greek Trojan horse. Often these programs are custom compiled and not widely distributed. Because of this, anti-virus software often will not detect their presence. It also means that information about what any particular custom Trojan does is not generally available, so a custom analysis of the code is necessary to determine the extent of the threat and, if possible, to pinpoint the origin of the attack.
Windows Forensics: A Case Study: Part One
It's a security person's worst nightmare. You've just inherited a large, diverse enterprise with relatively few security controls when something happens. We all try to detect malicious activity at the perimeter of the network by monitoring our intrusion detection systems and watching attackers bang futilely on our firewall. Even those attackers tricky enough to slip through the firewall bounce harmlessly off our highly secured servers, and trip alarms throughout the network as they attempt to compromise it.
Windows Forensics - A Case Study: Part Two
This article is the second in a two-part series that will offer a case study of forensics in a Windows environment. This article deals with determining the scope of the compromise, and understanding what the attacker is trying to accomplish at the network level. Along the way, we'll be discussing some tools and techniques that are useful in this type of detective work.
Forensic Analysis of a Live Linux System, Part 1
The main goal of this article is a presentation of the methods used during an evidence collection procedure. All collected data can be used later to perform offline forensic analysis. Some of the presented tasks can also be performed in the preparation and identification phases of the incident response cycle -- these are two of the six phases defined in a guide called "Incident Handling Step by step", published by the SANS Institute.
Forensic Analysis of a Live Linux System, Part Two
Last month, in the first part of this article series, we discussed some of the preparation and steps that must be taken when analyzing a live Linux system that has been compromised. Now we'll continue our analysis by looking for malicious code on the running system, and then discuss some of the searches that can be done with the data once it has been transferred to our remote host.