Network Security Library

Incident Handling



Subcategories


Forensics
Incident Response Team




Newest Incident Handling White Papers

Avoiding the Trial-By-Fire Approach to Security Incidents
Experience shows that most organizations do not think about how to respond to a computer security incident until after they have been hit significantly. They have not assessed the business risk of not having formal incident-detection and response mechanisms in place. More often than not, organizations receive reports informing them that they are involved in an incident originating from some other party rather than identifying the incident themselves. This is called the trial-by-fire approach.
By Moira West-Brown, 03/03/2004


Windows Responders Guide
In this paper, we will discuss the issues one needs to consider during the initial response stage. There is critical evidence that needs to be protected and gathered during the initial response stage. We will hence discuss the tools that can be used to gather the necessary evidence and how to collect it appropriately. Finally, we will explore areas that one needs to look out for during the investigation of the evidence collected.
By Tan Koon Yaw, 02/19/2004


What You Don't See On Your Hard Drive
This paper will address two security concerns that I found very interesting. They both have to do with things that are not in plain sight. The first security concern covers the issue of retrieving data that has been deleted. So many people have no idea about data that is left behind when you delete files or fdisk and format your hard drive. The second issue deals with hidden access and control of your computer. I will look at what a rootkit is and look at the recent development of rootkits designed for Microsoft Windows operating systems.
By Brian Kuepper, 02/19/2004


The Enemy Within: The Role of the Security Administrator in Apprehending and Terminating the Malicio
The following information is set forth to generally describe the tools available to security administrators to facilitate the apprehension and participate in the resolution of internal threats to your organization’s sensitive or restricted resources. This discussion will include references to United States Labor Code and California state law. It must be stated clearly and unequivocally that I am not a lawyer. The information contained herein is meant to serve as a guideline reference. Nothing in this document should be relied upon without consulting your own or your company’s counsel.
By Robin Stuart, 02/19/2004


The Coroners Toolkit - In depth
In this paper I will describe evidence gathering on a Unix system using "The Coroners Toolkit" version 1.09, hereafter referred to as TCT. TCT can be downloaded freely from porcupine.org/forensics/tct.html. The two types of evidence I will focus on are ephemeral and static evidence. Ephemeral evidence refers to evidence that generally doesn’t last a long time.
By Clarke L. Jeffris, 02/19/2004


Successful Partnerships for Fighting Computer Crime
Given the wide range of possible criminal activities in the high technology arena, computer security officers need to be prepared to respond to computing incidents that are not only against the local acceptable use policy for computers and networks, but also violate federal, state or local statutes.
By Beth Binde, 02/19/2004


Secure File Deletion, Fact or Fiction?
This paper will deal with how and where some of these files are created and how to securely remove them from a system. Microsoft Windows operating systems and associated applications will be the main focus. This paper is divided into two main sections; the first section is designed to be a primer on the types of information that can be found on a hard drive.
By Rick Maybury, 02/19/2004


Reporting Unauthorized Intrusions: A
When an incident happens you may not have the time or focus to search for the proper way of reporting it or the authorities to which it should be reported. This document will provide such information in a few simple steps.
By Melton J. Roland, 02/19/2004


Proposed Conceptual Tools for Managing Cost and Complexity When Securing Networks
This paper will describe the cost and complexity issues facing security professionals, outline the desired outcome in facing these issues, and finally will suggest initial proposals for reaching those goals.
By Kathleen E. Howard, 02/19/2004


One Incident Of Remediating The CRC 32 sshd1 Vulnerability
The purpose of this paper is to document the process I used to respond to the CRC32 sshd1 vulnerability. My operating environment is primarily Solaris and Linux, with a small percentage of HPUX and OpenBSD. Most systems are behind a corporate firewall, but a few are on the internet and used as data transfer points. This is only the process I used, and not the only acceptable response. I will document the four steps I used and my results.
By Rebecca Sander, 02/19/2004



Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
