Infocus: Incidents (Page 1 of 9)
Packet forensics using TCP
This article looks at TCP packet forensics and examines why sequence and acknowledgement numbers can be useful during an investigation.
By: Don Parker, Mike Sues 2005-08-16
http://www.securityfocus.com/infocus/1845

Web Browser Forensics, Part 2
Part 2 of this web browser forensics series looks at reconstructing Mozilla Firefox's cache in order to catch an internal hacker using an administrator's account.
By: Keith J. Jones, Rohyt Belani 2005-05-11
http://www.securityfocus.com/infocus/1832

Web Browser Forensics, Part 1
This article provides a case study of digital forensics, and investigates incriminating evidence using a user's web browser history.
By: Keith J. Jones, Rohyt Belani 2005-03-30
http://www.securityfocus.com/infocus/1827

A Method for Forensic Previews
This article explains the forensic preview process, whereby a production machine is left as undisturbed as possible while it is evaluated for potential intrusion and compromise.
By: Timothy E. Wright 2005-03-16
http://www.securityfocus.com/infocus/1825

Windows NTFS Alternate Data Streams
The purpose of this article is to explain the existence of alternate data streams in Microsoft Windows, demonstrate how to create them by compromising a machine using the Metasploit Framework, and then use freeware tools to easily discover these hidden files.
By: Don Parker 2005-02-16
http://www.securityfocus.com/infocus/1822

Detecting Rootkits And Kernel-level Compromises In Linux
This article outlines useful ways of detecting hidden modifications to a Linux kernel. Often known as rootkits, these stealthy types of malware are installed in the kernel and require special techniques by incident handlers and Linux system administrators to be detected.
By: Mariusz Burdach 2004-11-18
http://www.securityfocus.com/infocus/1811

Forensic Analysis of a Live Linux System, Pt. 2
This article is the second of a two-part series that provides step-by-step instructions for forensics of a live Linux system that has been recently compromised.
By: Mariusz Burdach 2004-04-12
http://www.securityfocus.com/infocus/1773

Forensic Analysis of a Live Linux System, Pt. 1
This article is the first of a two-part series that provides step-by-step instructions on forensics of a live Linux system that has been recently compromised.
By: Mariusz Burdach 2004-03-22
http://www.securityfocus.com/infocus/1769

Incident Response Tools For Unix, Part Two: File-System Tools
This article is the second in a three-part series on tools that are useful during incident response and investigation after a compromise has occurred on an OpenBSD, Linux, or Solaris system. This installment will focus on file system tools.
By: Holt Sorenson 2003-10-17
http://www.securityfocus.com/infocus/1738

Maintaining System Integrity During Forensics
This article discusses best practices for maintaining system integrity during forensic examinations.
By: Jamie Morris 2003-08-01
http://www.securityfocus.com/infocus/1717

Copyright 2005, SecurityFocus