Packet forensics using TCP
This article looks at TCP packet forensics and examines why sequence and acknowledgement numbers can be useful during an investigation. 2005-08-16 http://www.securityfocus.com/infocus/1845

Web Browser Forensics, Part 2
Part 2 of this web browser forensics series looks at reconstructing Mozilla Firefox's cache in order to catch an internal hacker using an administrator's account. 2005-05-11 http://www.securityfocus.com/infocus/1832

Web Browser Forensics, Part 1
This article provides a case study of digital forensics, and investigates incriminating evidence using a user's web browser history. 2005-03-30 http://www.securityfocus.com/infocus/1827

A Method for Forensic Previews
This article explains the forensic preview process, whereby a production machine is left as undisturbed as possible while it is evaluated for potential intrusion and compromise. 2005-03-16 http://www.securityfocus.com/infocus/1825

Windows NTFS Alternate Data Streams
The purpose of this article is to explain the existence of alternate data streams in Microsoft Windows, demonstrate how to create them by compromising a machine using the Metasploit Framework, and then use freeware tools to easily discover these hidden files. 2005-02-16 http://www.securityfocus.com/infocus/1822

Detecting Rootkits And Kernel-level Compromises In Linux
This article outlines useful ways of detecting hidden modifications to a Linux kernel. Often known as rootkits, these stealthy types of malware are installed in the kernel and require special techniques by incident handlers and Linux system administrators to be detected. 2004-11-18 http://www.securityfocus.com/infocus/1811

Forensic Analysis of a Live Linux System, Pt. 2
This article is the second of a two-part series that provides step-by-step instructions for forensics of a live Linux system that has been recently compromised. 2004-04-12 http://www.securityfocus.com/infocus/1773

Forensic Analysis of a Live Linux System, Pt. 1
This article is the first of a two-part series that provides step-by-step instructions on forensics of a live Linux system that has been recently compromised. 2004-03-22 http://www.securityfocus.com/infocus/1769

Incident Response Tools For Unix, Part Two: File-System Tools
This article is the second in a three-part series on tools that are useful during incident response and investigation after a compromise has occurred on an OpenBSD, Linux, or Solaris system. This installment focuses on file system tools. 2003-10-17 http://www.securityfocus.com/infocus/1738

Maintaining System Integrity During Forensics
This article discusses best practices for maintaining system integrity during forensic examinations. 2003-08-01 http://www.securityfocus.com/infocus/1717