CHFI v3 Module 19 Network forensics and Investigating Logs.pdf
Computer Hacking Forensic Investigator
Module XIX
Network Forensics and
Investigating Logs
Scenario
A Moroccan and a Turk were arrested in their home countries on August 25, 2005, in connection with the worm attacks that hit several large organizations.
Farid Essebar, 18, of Morocco, and Atilla Ekici, 21, from Turkey, were believed to have been responsible for the creation and distribution of the Zotob, Rbot, and Mytob worms. The Mytob worm was targeted at Windows 2000 systems, and Zotob affected many large companies, including The New York Times, CNN, ABC News, Caterpillar Inc., and General Electric Co.
Essebar, who used the code name "Diablo", was responsible for writing the worm code, while Ekici, who went by the handle "Coder", financed the effort.
The FBI's Cyber Division investigated the crime and arrested them. Louis Reigel, assistant director, said that "The arrests were made possible by the investigative work of Microsoft's 50-person Internet Crime Investigations."
Source: http://www.computerworld.com/
EC-Council
Copyright © by
EC-Council
All Rights reserved. Reproduction is strictly prohibited
Module Objective
This module will familiarize you with the following:
Introduction to network forensics
Looking for evidence
End-to-end forensic investigation
Log files as evidence
Log file accuracy and authenticity
Importance of audit logs
Syslog
Linux process accounting
Configuring Windows logging
NTP protocol
Module Flow
Network forensics
Looking for evidence
Log files as evidence
End-to-end forensic investigation
Log file accuracy and authenticity
Importance of audit logs
Linux process accounting
Syslog
Configuring Windows logging
NTP protocol
Introduction to Network Forensics
[Figure: Typical Perimeter Architecture. The diagram shows a corporate network connected to the Internet through routers and firewalls, with hubs linking internal servers, a mainframe, a printer, laptops, and a desktop computer.]