Forensic

Identification
IDS-Logs, Firewall-Logs, System-Logs, Application Logs, Database Transaction Logs, Remote-Access-Logs, SU-Logs, Phone-Logs, Whistle-Blowing, Fraud-Hotline
Preparation
Authorization, Privacy, Logbook (Number, Date, Time, Action), Recording (Incident Information, Persons, Reason for Investigation, Systems/Devices/Applications, List of Applications/Processes per System, Administrators, List of Commands (Time, Command, Who), Evidence Access, Profile of Delinquent)
Process
0 Identification (Incident Detection)
1 Pre-Engagement Interactions (Contract, Legal, Liabilities)
2 Acquisition (Duplication, Documents, Data)
3 Analysis/Correlation
4 Documentation and Presentation (Report and Presentation)
Securing
Protection of Suspect Systems, Logging (Actions, Access to Evidence and Rooms), Evidence (Relevant Findings, Volatile Memory, Disk-Images, Logfiles), Backup on External Systems/Devices, Writeblocker, Identification via Hashing, Primary Entry Sources, Publication of Incident (internal/external), Insurance, Law Enforcement
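Hashing and the logbook belong together: the hash taken right after acquisition is what later proves that a disk image or log copy is still the one that was secured, and every hash and verification is itself a logbook entry (number, date, time, who, action). The script below is an added example, not code from the IndianZ cheatsheet; the evidence bytes, the `analyst` name and the JSON-lines logbook format are constructed for the demo.

```python
import datetime as dt
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Optional

# Constructed stand-in for an acquired disk image or log copy (not real evidence).
SAMPLE_EVIDENCE = b"constructed sample evidence bytes\n" * 64


def hash_bytes(data: bytes, algorithm: str = "sha256") -> str:
    return hashlib.new(algorithm, data).hexdigest()


def hash_file(path: Path, algorithm: str = "sha256", chunk_size: int = 1 << 16) -> str:
    """Hash in chunks so that multi-gigabyte images never have to fit in memory."""
    h = hashlib.new(algorithm)
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


class Logbook:
    """Append-only logbook with the Preparation fields: number, date, time, who, action."""

    def __init__(self, path: Path):
        self.path = path
        self._count = 0

    def record(self, who: str, action: str, **details) -> dict:
        self._count += 1
        now = dt.datetime.now(dt.timezone.utc)
        entry = {"number": self._count, "date": now.date().isoformat(),
                 "time": now.strftime("%H:%M:%S UTC"), "who": who, "action": action, **details}
        with self.path.open("a", encoding="utf-8") as fh:   # append only, never rewrite
            fh.write(json.dumps(entry, sort_keys=True) + "\n")
        return entry


def secure_evidence(evidence: Path, logbook: Logbook, who: str) -> str:
    """Take the reference hash immediately after acquisition and log it."""
    digest = hash_file(evidence)
    logbook.record(who, "hash evidence", file=evidence.name, sha256=digest)
    return digest


def verify_evidence(evidence: Path, expected: str, logbook: Logbook, who: str) -> bool:
    """Re-hash before analysis or hand-over; a mismatch is itself a finding to log."""
    ok = hash_file(evidence) == expected
    logbook.record(who, "verify evidence", file=evidence.name,
                   result="match" if ok else "MISMATCH")
    return ok


def demo(workdir: Optional[Path] = None) -> dict:
    """Secure, verify, then simulate an altered copy and verify again."""
    workdir = workdir or Path(tempfile.mkdtemp(prefix="forensic_demo_"))
    evidence = workdir / "evidence.bin"
    evidence.write_bytes(SAMPLE_EVIDENCE)
    logbook = Logbook(workdir / "logbook.jsonl")
    digest = secure_evidence(evidence, logbook, "analyst")
    intact = verify_evidence(evidence, digest, logbook, "analyst")
    evidence.write_bytes(SAMPLE_EVIDENCE + b"altered")        # constructed tampering
    after_tamper = verify_evidence(evidence, digest, logbook, "analyst")
    entries = [json.loads(line) for line in logbook.path.read_text().splitlines()]
    return {"sha256": digest, "intact": intact, "after_tamper": after_tamper, "entries": entries}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the reference hash is taken on the write-blocked original and on the working copy, and both values go into the logbook before anyone opens the copy; the logbook file itself should live on a separate system so that it cannot be edited together with the evidence.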
Analysis/Correlation
Analysis of Copies of Logfiles (Syslog, Eventlog, Router, Firewall, IDS, App, DB, etc.), Memory Contents and Disk-Images, MAC-Time Analysis
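MAC-time analysis turns the modification, access and change timestamps of every file on an image into one timeline, so that file activity can be correlated with IDS or firewall log entries from the same window. The following is an added example in the style of Sleuth Kit's mactime flags, not code from the cheatsheet; the sample records, the base timestamp `T0` and the file names are constructed, and `collect_mac_times` is meant to run against a read-only mounted copy, never the suspect system itself.

```python
import datetime as dt
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# (relative path, mtime, atime, ctime) with times as POSIX epoch seconds.
MacRecord = Tuple[str, float, float, float]
TimelineRow = Tuple[float, str, str]   # (timestamp, flags, path)


def collect_mac_times(root: Path) -> List[MacRecord]:
    """Walk a tree (e.g. a read-only mounted image) and collect each entry's MAC times.
    lstat() records symlinks themselves instead of following them out of the image."""
    records: List[MacRecord] = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            st = p.lstat()
            records.append((p.relative_to(root).as_posix(), st.st_mtime, st.st_atime, st.st_ctime))
    return records


def build_timeline(records) -> List[TimelineRow]:
    """One row per (timestamp, path), sorted by time. Flags follow the mactime convention:
    'm', 'a', 'c' in fixed positions, '.' where that time differs, e.g. 'm.c' = modified
    and inode-changed at the same second, '.a.' = only accessed."""
    rows: Dict[Tuple[float, str], List[str]] = {}
    for path, mtime, atime, ctime in records:
        for pos, ts in enumerate((mtime, atime, ctime)):
            rows.setdefault((ts, path), ["."] * 3)[pos] = "mac"[pos]
    return sorted((ts, "".join(flags), path) for (ts, path), flags in rows.items())


def window(timeline, start: float, end: float) -> List[TimelineRow]:
    """Rows inside an incident window, e.g. a few seconds around an IDS alert."""
    return [row for row in timeline if start <= row[0] <= end]


def fmt(ts: float) -> str:
    return dt.datetime.fromtimestamp(ts, dt.timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


T0 = 1_700_000_000.0   # constructed base timestamp
SAMPLE_RECORDS: List[MacRecord] = [           # constructed, not from a real image
    ("home/user/report.txt", T0, T0 + 60, T0),
    ("etc/passwd", T0 + 3600, T0 + 3600, T0 + 3600),
    ("var/log/auth.log", T0 + 3601, T0 + 3602, T0 + 3601),
]


def demo_from_disk() -> List[TimelineRow]:
    """Build a timeline from real stat() data on two constructed files in a temp dir."""
    root = Path(tempfile.mkdtemp(prefix="mac_demo_"))
    for name in ("a.txt", "b.txt"):
        p = root / name
        p.write_text("constructed sample file\n")
        os.utime(p, (T0 + 60, T0))   # (atime, mtime); ctime is set by the OS, not by us
    return build_timeline(collect_mac_times(root))


if __name__ == "__main__":
    for ts, flags, path in build_timeline(SAMPLE_RECORDS):
        print(fmt(ts), flags, path)
```

Two caveats a practitioner should keep in mind: timestamps can be set arbitrarily by anyone with write access (which is why ctime, which the OS sets and utime cannot change, is often the more reliable column), and mounting the image read-write or opening files on it updates atime and destroys exactly the data the timeline is built from.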
Immediate Measures
Locking User Accounts, Analysis of Results from Additional Surveillance Systems, Identification of Alleged Criminal, Provider Contact, Encryption, Legal Steps, Law Enforcement, Policies
Backtracing
Identification of Attacker, IP-Address, Hostname, Traceroute, Whois, Email Headers, Logs
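For mail-borne incidents the backtrace starts with the Received headers: each MTA prepends one, so reading them bottom-up gives the path from origin to your MX, and the first routable address seen from the origin side is the one to take to whois and to the provider. Only the headers added by your own trusted MTAs are reliable; anything below them can be written by the sender, which is why the example also checks that the hop timestamps are in order. This is an added example, not code from the cheatsheet; the message, hostnames and addresses are constructed (the TEST-NET documentation ranges stand in for public addresses), and whois and traceroute on the result are done with the usual tools afterwards.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional

IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Ranges that are not routable on the public Internet: no whois owner, no provider to contact.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",    # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",   # loopback, link-local, CGNAT
)]

# Constructed sample message; documentation addresses stand in for public ones.
SAMPLE_MESSAGE = """Received: from mail.example.net (mail.example.net [203.0.113.10])
    by mx.example.org with ESMTPS id abc123
    for <victim@example.org>; Mon, 01 Jan 2024 10:00:05 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
    by mail.example.net with ESMTP id def456; Mon, 01 Jan 2024 10:00:03 +0000
Received: from [192.168.1.20] (unknown [192.168.1.20])
    by relay.example.net with ESMTPA; Mon, 01 Jan 2024 10:00:01 +0000
From: someone@example.net
To: victim@example.org
Subject: constructed sample
Message-ID: <constructed@example.net>

body
"""


def is_internal(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True   # unparsable: unusable for backtracing, treat like internal
    return any(addr in net for net in INTERNAL_NETS)


def received_chain(raw_message: str) -> List[Dict]:
    """Parse Received headers into hops ordered from origin (first) to final MX (last)."""
    msg = email.message_from_string(raw_message)
    hops: List[Dict] = []
    for value in reversed(msg.get_all("Received") or []):   # header order is newest first
        text = " ".join(value.split())                       # unfold continuation lines
        m_from = re.search(r"\bfrom\s+(\S+)", text)
        m_by = re.search(r"\bby\s+(\S+)", text)
        from_part = re.split(r"\sby\s", text, 1)[0]          # only the sending side's addresses
        date = None
        if ";" in text:
            try:
                date = parsedate_to_datetime(text.rsplit(";", 1)[1].strip())
            except (TypeError, ValueError):
                date = None
        hops.append({
            "from": m_from.group(1) if m_from else None,
            "by": m_by.group(1) if m_by else None,
            "ips": list(dict.fromkeys(IPV4_RE.findall(from_part))),
            "date": date,
        })
    return hops


def first_public_ip(hops: List[Dict]) -> Optional[str]:
    """Nearest routable address to the origin: the whois / provider-contact candidate."""
    for hop in hops:
        for ip in hop["ips"]:
            if not is_internal(ip):
                return ip
    return None


def chronological(hops: List[Dict]) -> bool:
    """Hop timestamps should not run backwards; if they do, the lower headers may be forged."""
    dates = [h["date"] for h in hops if h["date"] is not None]
    return all(a <= b for a, b in zip(dates, dates[1:]))


if __name__ == "__main__":
    chain = received_chain(SAMPLE_MESSAGE)
    for hop in chain:
        print(hop["date"], hop["from"], "->", hop["by"], hop["ips"])
    print("candidate:", first_public_ip(chain), "chronological:", chronological(chain))
```

On the sample the origin hop carries only a private address, so the candidate is the provider's relay at `198.51.100.7`; that is the address for whois and the provider contact, matched against your own MX log line for the same message id and time.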