
incident response

This tag is associated with 9 posts

The Opportunity In The Crisis: ICS Malware Digital Forensics And Incident Response

by Christa Miller, Forensic Focus

Malware aimed at industrial control systems (ICS) is nothing new. Nearly 10 years have passed since Stuxnet first targeted the supervisory control and data acquisition (SCADA) systems and programmable logic controllers (PLCs) associated with centrifuges in Iran’s nuclear program. Since then, Havex, BlackEnergy 2, and Crash Override / Industroyer have …

Dissecting Malicious Network Traffic To Identify Botnet Communication

by Swasti Bhushan Deb

Botnets are well-known in the domains of information security, digital forensics and incident response for hosting illegal data, launching DDoS attacks, stealing information, spamming, bitcoin mining, spreading ransomware, launching brute force attacks, managing remote access to connected devices, and even propagating infection to other devices, among other things. Internet Relay Chat (IRC) …

Asking A VPS To Image Itself

by Chris Cohen

There is a Linux Virtual Private Server (VPS) that you have been tasked to collect using a forensically sound method while ensuring confidentiality, integrity and availability. You have the password for a user who has ssh access to a shell account on that VPS and the user is in the super user …

10 DFIR Blogs You Don’t Want to Miss

by Christa M. Miller

Digital forensics is a tough job. Forensicators must evolve as rapidly as the technology does, which means being in a constant state of learning. Formal education is costly and can’t keep up. The next best alternative: learn from others’ experience. It can be a challenge, however, to share one’s forensication expertise …

Current Challenges In Digital Forensics

What is the most urgent question facing digital forensics today? That in itself is not a question with a straightforward answer. At conferences and in research papers, academics and forensic practitioners around the world converge to anticipate the future of the discipline and work out how to overcome some of the more challenging aspects of …

Linux Timestamps, Oh boy!

Timestamps are critical for analysts; they usually deal with different filesystems, and understanding how the file timestamps work on each is crucial to what they do. If you do an online search for Linux timestamps, you’ll get a ton of information, but the idea here is to put together different common file operations such as move, …

Is the NTSB a model for incident response?

by Sean McLinden

Recently, the events surrounding the defacement of the HBGary Web site and publication of sensitive data were being bantered about on a number of forensic, security and incident response sites. As is typical for these kinds of high-profile events, some of those voicing opinions were not in the know while those …

Computer incident response – DO NOT PANIC

First published January 2010
by Karl Obayi – Solicitor, http://www.itevidence.co.uk

This article seeks to advance some basic steps to be adopted in case you are confronted with a computer incident that calls for appropriate response. The incident in question could emanate from three major fronts:

– Internal attacks
– External attacks
– System malfunction

There …

D.I.M. : An Effective Incident Management Tool Based On IODEF And Other Standards

First published February 2007

The number of procedures necessary in incident response and evidence cataloguing is constantly growing. These procedures need to be standardized and must perform clearly defined actions. Additionally, they must all be documented in detail to provide proof of their validity. Hence the need for a software tool to facilitate the work …
