October 15th, 2002, 09:34 PM
Fingerprinting exploits in system and application log files
Here is an excerpt from an article on Security Focus I found today. I thought that it looked quite informative and ideal for someone new to forensics since it gives good insight into what forensics analysts do and how.
Forensic analysts and incident response engineers are armed with a slew of open source and commercial forensic toolsets to attempt to understand and analyze break-ins they did not witness. The most critical component of forensic analysis is system log files. In particular, the analyst must be able to understand and recognize footprints that exploits leave on system logfiles. Identifying these signatures, and their impact on the application within the log files, is the key to understanding what took place during a security incident.
The article is pretty lengthy, but you can find it here .
Opinions are like
holes - everybody's got 'em.
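The excerpt describes recognising exploit footprints in system log files. As an added illustration (not from the article, the poster, or the thread), here is a small Python scanner that runs a few generic heuristics over constructed syslog lines: an oversized entry, a long run of one repeated character, non-printable bytes, and a cluster of format-string specifiers. The log lines, thresholds and daemon names are assumptions made up for the example.

```python
import re
import string

# Constructed sample syslog lines (not taken from the article or the thread).
# Lines 3, 4 and 5 mimic the footprints that an oversized buffer, raw binary
# input and a format-string probe can leave in a daemon's log entries.
SAMPLE_LOG = (
    "Oct 15 21:34:01 host sshd[1201]: Accepted publickey for alice from 192.0.2.10 port 51022\n"
    "Oct 15 21:35:12 host ftpd[1314]: FTP LOGIN FROM 192.0.2.44 as anonymous\n"
    "Oct 15 21:35:40 host ftpd[1314]: USER " + "A" * 600 + "\n"
    "Oct 15 21:36:10 host ftpd[1314]: PASS \x90\x90\x90\x90\x90\x90\x90\x90\n"
    "Oct 15 21:36:02 host wu-ftpd[1320]: SITE EXEC %p%p%p%p%n\n"
    "Oct 15 21:36:30 host sshd[1201]: Disconnected from 192.0.2.10 port 51022\n"
)

# Assumed thresholds; tune them to the daemons and log volume you actually see.
MAX_LINE_LEN = 512   # legitimate syslog entries are rarely this long
MAX_RUN = 64         # 64+ copies of one character is a padding pattern

PRINTABLE = set(string.printable)
# Three or more %p/%n/%x/%s specifiers in a row, or any %n at all.
FORMAT_PROBE = re.compile(r"(?:%\d*\$?[pnxs]){3,}|%n")
# Same character repeated MAX_RUN or more times.
REPEATED_RUN = re.compile(r"(.)\1{%d,}" % (MAX_RUN - 1))
# "Mon DD HH:MM:SS host process[pid]:" -> capture the process name.
SYSLOG_HEADER = re.compile(r"^\S+ +\d+ [\d:]+ \S+ ([^\[:\s]+)")


def fingerprint_line(line):
    """Return the list of heuristic names that fire on one log line."""
    reasons = []
    if len(line) > MAX_LINE_LEN:
        reasons.append("oversized")
    if REPEATED_RUN.search(line):
        reasons.append("repeated_run")
    if any(ch not in PRINTABLE for ch in line):
        reasons.append("non_printable")
    if FORMAT_PROBE.search(line):
        reasons.append("format_string")
    return reasons


def scan_log(text):
    """Scan a whole log; return one finding per suspicious line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        reasons = fingerprint_line(line)
        if not reasons:
            continue
        header = SYSLOG_HEADER.match(line)
        findings.append({
            "line": number,
            "process": header.group(1) if header else None,
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print("line %(line)d %(process)s: %(reasons)s" % finding)
```

Each finding names the daemon that wrote the entry, which is the first thing an analyst wants when deciding which service to examine next; the heuristics are deliberately coarse and should be read as a starting point for building signatures specific to the services on the host.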
November 7th, 2002, 09:27 PM
Anyone know of anything similar for Windows systems......
Which one of you *nix chaps is that giggling in the background?????
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
January 26th, 2003, 10:11 PM
Actually, I use different OSes for different purposes. Each has its strong points and each has its crappy ones.
I did see a decent post on Security Focus on Windows log file forensics. You may want to pan the site and see what you come up with.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden