Network intrusion analysis methodologies, tools, and techniques for incident analysis and response

Nearly every business depends on its network to provide information services to carry out essential activities, and network intrusion attacks have been growing increasingly frequent and severe. When network intrusions do occur, it's imperative that a thorough and systematic analysis and investi...


Bibliographic Details
Other Authors: Fichera, Joe, 1966- (-), Bolt, Steven
Format: Electronic book
Language: English
Published: Amsterdam : Elsevier 2013.
Edition: 1st ed
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628574506719
Table of Contents:
  • Network Intrusion Analysis; Copyright; Acknowledgement; Contents; Preface; 1 Introduction; Introducing Network Intrusion Analysis; 2 Intrusion Methodologies and Artifacts; Stage 1: Pre-Intrusion Actions: AKA Reconnaissance; Stage 2: Intrusion Methods; Phase 1: Pre-Intrusion Actions, Active; Phase 2: Attack; Phase 3: Maintaining Access/Entrenchment; Phase 4: Exploitation/Abuse; References; 3 Incident Response; Introduction; Section 1: Methodology; Trusted Toolset; Commercial Triage Tools; US-LATT Configuration; Witness Devices; Section 2: Memory Acquisition; Introduction; Acquisition
  • Mdd_1.3.exe; Usage; Win32dd; Sample Syntax for Win32dd:; FTK Imager; Memoryze; Conclusion; References; 4 Volatile Data Analysis; Introduction; What is Volatile Data?; What is Non-Volatile Data?; Section 1: Collection Tools; Commercial Triage Tools; EnCase Portable, Guidance Software, Inc.; US-LATT, WetStone Technologies, Inc.; Section 2: Memory Analysis; Introduction; RAM Analysis; Data Carving Tools and Techniques; Disk Digger; GetDataBack for NTFS and FAT; Mandiant's Redline; Memoryze; Audit Viewer; Redline; HBGary Responder Community Edition; References; 5 Network Analysis; Introduction
  • Methodology; Network Traffic; Snort; Packet Analysis Tools; Wireshark; Analyzing Data with Wireshark; Netwitness Investigator; Analyzing Data with Netwitness; Collection Summary; Filtering; Rules; Drilling; Custom Drill; Intellisense; Report Icon; Options; Report Value; Session List; Breadcrumbs; Searching; Accessing the Search Function; Simple Search Window; Advanced Search Window; Search Preferences; Simple Search; Advanced Search; Exporting Sessions; Log Analysis; Witness Devices; Viewing, Acquiring, Triaging Devices over the Network; EnCase CyberSecurity [1]; References; 6 Host Analysis
  • Introduction; Methodology; Host Based Analysis; Hash Analysis; Malware Scanning; Signature Analysis; Alternate Data Streams; AutoRun Locations; Log Files; Windows Event Logs; Schedule Task Logs; Antivirus Logs; MFT; Deleted Files; Attacker Created Directories; Prefetch Directory and Included Prefetch Files; References; 7 Malware Analysis; Introduction; Malware Sandbox Creation; Downloading and Configuring the Required Virtualized Machines; Configure of the Virtual Machines to Add Additional Protections From Infection; Installation and Configuration of Analysis Applications; System Monitoring
  • Code Analysis Applications; Behavioral Analysis Walkthrough; Identification, Hashing, and Scanning Through Aggregators; Hashing; Submitting Files to Virus Total or Offensive Computing; Step 2: Starting the Monitoring Applications; Process Explorer Detailed Overview; Detonate the Malware Sample; Side Bar; Reporting; Summary; Description; Conclusion; References; 8 Reporting After Analysis; Introduction; Getting Started; The Report Header; Requested Analysis; Status of Analysis: Closed or Pending; Summary; Items Analyzed; Software; Analysis Software; Suspect Software; Glossary of Terms
  • Details of Analysis