Network Security Library

Forensics





Silicon Graphics IRIX Sanitization Overwrite Procedures
Maintaining the confidentiality of sensitive information is a fundamental mission of a computer security program. Ensuring that sensitive information is securely removed from computer media prior to release is a critical layer of security. This document references a United States Department of Defense three-pass overwrite standard and then describes procedures that are used to overwrite media according to that standard using the Silicon Graphics Incorporated IRIX operating system "fx" utility. The basic operation of this low-level disk exerciser utility is discussed, including alternatives and other ancillary risk management considerations. Then specific direction and visual aids are provided to instruct the reader how to set the correct pattern for each overwrite pass, how to write that pattern over all addressable locations, and how to verify that the overwrite performed correctly.
04/03/2004
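The abstract above describes the three steps of a sanitization pass (set the pattern, write it over every addressable location, read it back and verify). The following Python script is an added example, not the paper's fx procedure: it applies a three-pass sequence (a fixed byte, its complement, then random data; this pattern sequence is an assumption in the style of the standard the paper cites) to a file-backed target, fsyncs after each pass, and verifies each pass by hashing the data as written and again as read back. The file-backed target, the pass sequence and the `run_demo` helper are this example's assumptions.

```python
import hashlib
import os
import secrets
import tempfile

# Three passes: fixed byte, its complement, then random data.
# The sequence is this example's assumption; None means "random bytes".
DEFAULT_PASSES = (b"\x00", b"\xff", None)


def _pattern_chunk(pattern, size):
    """Return `size` bytes of the pass pattern (fresh random data if pattern is None)."""
    if pattern is None:
        return secrets.token_bytes(size)
    return pattern * size


def overwrite_and_verify(path, passes=DEFAULT_PASSES, block_size=4096):
    """Overwrite every byte of `path` once per pass and read it all back afterwards.

    Returns one bool per pass: True if the read-back matched what was written.
    Both directions are hashed, so the check also works for the random pass,
    where there is no fixed pattern to compare against.
    """
    total = os.path.getsize(path)
    results = []
    for pattern in passes:
        written = hashlib.sha256()
        with open(path, "r+b", buffering=0) as f:      # unbuffered: no hidden cache
            remaining = total
            while remaining:
                chunk = _pattern_chunk(pattern, min(block_size, remaining))
                written.update(chunk)
                view = memoryview(chunk)
                while view:                            # raw writes may be short
                    view = view[f.write(view):]
                remaining -= len(chunk)
            os.fsync(f.fileno())                       # push it to the device

        readback = hashlib.sha256()
        with open(path, "rb", buffering=0) as f:
            for chunk in iter(lambda: f.read(block_size), b""):
                readback.update(chunk)
        results.append(readback.digest() == written.digest())
    return results


def run_demo(size=64 * 1024):
    """Create a scratch file holding a recognisable marker, sanitize it, report.

    Constructed demo target; returns per-pass verification results plus whether
    the marker survived and whether the file size changed.
    """
    marker = b"CONFIDENTIAL-DEMO-MARKER"
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write((marker + b"\n") * (size // (len(marker) + 1)))
        original_size = os.path.getsize(path)
        passes_ok = overwrite_and_verify(path)
        with open(path, "rb") as f:
            final = f.read()
        return {
            "passes_ok": passes_ok,
            "marker_gone": marker not in final,
            "size_unchanged": len(final) == original_size,
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(run_demo())
```

Caveat: this reaches only the blocks the filesystem maps to the file. Sanitizing a drive, as the paper does with fx, means addressing the raw device, and even then spare or remapped sectors and flash wear-levelled blocks sit outside the addressable range, which is why the paper's "ancillary risk management considerations" matter.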


Forced Evolution of Security on Redhat Linux Server due to System Compromise
This practical assignment describes my experiences in setting up the office computer network system for a small engineering company in Hong Kong and my experiences of handling the system when it was compromised. I will outline the setup of the original server, highlight the mistakes made in the configuration, and review the impact of these errors. I will demonstrate an effective review of these mistakes and show how a change in implementation, through research and training in systems security, helped to rectify the situation and implement a more robust and dependable system. The final sections will review the current status and look at future methods of improving the security of the system and balance these against the time and cost of implementing them. In conclusion I will summarize the mistakes made and outline the lessons learned.
04/03/2004


Detailed Forensic Procedure for Laptop Computers
Forensic analysis is the process of accurately documenting and interpreting information for presentation to an authoritative group. In most situations that group would be a court of law, but management will often request forensic preservation of information as well. Due to the easily changeable nature of digital information, great care must be put into the handling of any forensic analysis. Evidence-grade information must be unbiased and complete before it can be relied upon. Not only must the data be collected, but the original media must also be preserved. Furthermore, it is necessary to record the state of the computer that produced the data. Laptop computers present additional technical issues. The hardware in a laptop computer has typically been modified for energy conservation and size. These modifications can frustrate a forensic examiner's normal use of tools and procedures. This document will discuss what forensic analysis is and why it is important.
03/28/2004


The Field Guide for Investigating Computer Crime: Search and Seizure Basics Part 3
Previously, in Overview of a Methodology for the Application of Computer Forensics we took a high level tour of a formal, methodical process for investigating computer crime. Our tour consisted of an overview of the two endeavors which comprise this process: search and seizure, and information discovery. Along the way, we considered why a formal method for investigating computer crime is truly necessary, and we related our method back to the well-known scientific method. Now, we're ready to take the plunge into the gritty details of the search and seizure forensic activity. However, a word of warning is in order: things become reasonably involved from this point on; try not to get overwhelmed. Keep in mind that the degree of complexity in the search and seizure process can always be scaled back in accordance with an organization's investigation policies (e.g., high profile cases are given the full treatment, low profile cases are given a less involved treatment).
03/25/2004


The Field Guide for Investigating Computer Crime Part 2
Previously, in An Introduction to the Field Guide for Investigating Computer Crime, we considered the basics of computer crime and computer forensics. We began with a definition for computer fraud and abuse, then discussed evidence and the importance of chain of custody, and finished up with an outline of the skills and tools needed to investigate computer crime. With all of that behind us, we can turn our sights toward the heart of the matter: a methodology for investigating computer crime.
03/25/2004


An Introduction to the Field Guide for Investigating Computer Crime Part 1
As computers and the Internet continue to pervade and invade our lives, the potential for harm caused by computer crime increases manifold. Unfortunately, there is a deficit of information about what computer crime is and how it should be investigated. As a result, such criminal acts become more widespread and costly to our society each year. The relatively new field of computer forensics attempts to manage this problem by providing a thorough, efficient, and secure means of investigating computer crime. This article, and those which follow, will endeavor to provide a field guide for the computer fraud and abuse investigator.
03/24/2004


Digital Media Forensics
The area of digital media forensics is not just the art of finding deleted or hidden data; it is also the understanding of the underlying technologies behind the various tools used and the ability to present scientifically valid information. Digital media forensics is a growing science that governmental agencies have long practiced, with the commercial sector not far behind. Many governmental agencies are far ahead of most companies when it comes to searching, seizing, and analyzing information systems and the proper accountability of digital evidence.
03/24/2004


IDS Logs in Forensics Investigations: An Analysis of a Compromised Honeypot
An attacker has compromised a Sun Solaris server on a production network using an exploit for the dtspcd service in CDE, a Motif-based graphical user environment for Unix systems. You are the senior security engineer of the Security Operations Center (SOC) for your company and are required to find out how the box was compromised and by whom. Using only a Snort binary capture file from the remote log server, you are to conduct a complete analysis of all IDS captures, log files, and an inspection of the file system.
03/24/2004


Footprints in the Sand: Fingerprinting Exploits in System and Application Log Files
This paper will focus on the identification of the footprints that exploits leave on system logfiles and what they mean, as well as the most common traces that some recent exploits leave. It is hoped that this discussion will help to create a set of methodologies for readers to follow when conducting incident response and forensic analysis, thereby introducing readers to the world of forensic analysis using system and application log files as an evidentiary resource in place of intrusion detection systems.
03/24/2004
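The abstract above proposes log files as the evidentiary source for spotting exploit footprints. The script below is an added example and not the paper's methodology: it runs a small set of heuristic signatures (a long run of one character as left by an overflow string, a cluster of `%p`/`%n` conversions as left by a format-string probe, an escaped NOP sled, and a `/bin/sh` shell string) over constructed syslog lines and reports which process logged each hit. The sample lines and the signature set are this example's assumptions; real exploits will not always match these exact patterns.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not taken from the paper). Lines 2, 3 and 5
# carry typical exploit residue; lines 1 and 4 are benign noise.
SAMPLE_LOG = """\
Mar 20 02:11:04 host sshd[1123]: Accepted publickey for alice from 10.0.0.5 port 40122
Mar 20 02:13:51 host ftpd[1201]: USER AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Mar 20 02:13:52 host ftpd[1201]: SITE EXEC %p%p%p%p%p%p%p%p%p%p%p%p%n
Mar 20 02:14:07 host cron[99]: (root) CMD (run-parts /etc/cron.hourly)
Mar 20 02:14:30 host httpd[1337]: GET /cgi-bin/test.cgi?x=\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90/bin/sh HTTP/1.0
"""

# Heuristic signatures (this example's assumptions, not an exhaustive catalogue).
SIGNATURES = {
    # 64 or more copies of the same character: a padding/overflow string
    "long_repeat": re.compile(r"(.)\1{63,}"),
    # a %n write or a run of four or more %p/%x/%n conversions: format-string probe
    "format_string": re.compile(r"%n|(?:%[0-9]*[npx]){4,}"),
    # four or more NOP bytes, literal or escaped as logged by text-only daemons
    "nop_sled": re.compile(r"(?:\\x90|\x90){4,}"),
    # a shell path inside a request or username field
    "shell_string": re.compile(r"/bin/(?:ba)?sh\b"),
}

# "Mon DD HH:MM:SS host process[pid]:" prefix of a classic syslog line
SYSLOG_PREFIX = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+(?P<process>[\w./-]+)\[(?P<pid>\d+)\]:"
)


def fingerprint_line(line):
    """Return the sorted names of every signature that fires on `line`."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(line))


def scan_log(text):
    """Return one finding per line that matched at least one signature."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tags = fingerprint_line(line)
        if not tags:
            continue
        m = SYSLOG_PREFIX.match(line)
        findings.append({
            "line": lineno,
            "process": m.group("process") if m else None,
            "pid": int(m.group("pid")) if m else None,
            "tags": tags,
        })
    return findings


def summarize(findings):
    """Count how often each signature fired across the findings."""
    return Counter(tag for f in findings for tag in f["tags"])


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f"line {h['line']}: {h['process']}[{h['pid']}] -> {', '.join(h['tags'])}")
    print(dict(summarize(hits)))
```

The process name and PID on each hit are what let you pivot from the log line to the rest of the evidence: which daemon was targeted, which PID to look for in process accounting, and the timestamp window to compare against IDS captures.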


Autopsy of a successful intrusion (well, two actually)
This paper consists of the recollection and analysis of two network intrusions that I have performed as part of my duties as a computer security consultant. The name of the company I worked for, as well as the names of the customers that I hacked into, will remain anonymous for obvious reasons. The goal of this paper is to show real-life cases of what computer security looks like in the wild, in corporate environments. I will try to outline the principal reasons why these intrusions were successful, and why this kind of performance could be achieved by almost anybody, putting whole networks at risks that their owners don't even begin to realize yet.
03/21/2004





Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
