Call for papers
SecurityFocus (www.securityfocus.com) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: editor@securityfocus.com

Windows NTFS Alternate Data Streams
The purpose of this article is to explain the existence of alternate data streams in Microsoft Windows, demonstrate how to create them by compromising a machine using the Metasploit Framework, and then use freeware tools to easily discover these hidden files.
2005-02-16 http://www.securityfocus.com/infocus/1822

Detecting Rootkits And Kernel-level Compromises In Linux
This article outlines useful ways of detecting hidden modifications to a Linux kernel. Often known as rootkits, these stealthy types of malware are installed in the kernel and require special techniques by incident handlers and Linux system administrators to be detected.
2004-11-18 http://www.securityfocus.com/infocus/1811

Forensic Analysis of a Live Linux System, Pt. 2
This article is the second of a two-part series that provides step-by-step instructions for forensics of a live Linux system that has been recently compromised.
2004-04-12 http://www.securityfocus.com/infocus/1773

Forensic Analysis of a Live Linux System, Pt. 1
This article is the first of a two-part series that provides step-by-step instructions on forensics of a live Linux system that has been recently compromised.
2004-03-22 http://www.securityfocus.com/infocus/1769

Incident Response Tools For Unix, Part Two: File-System Tools
This article is the second in a three-part series on tools that are useful during incident response and investigation after a compromise has occurred on an OpenBSD, Linux, or Solaris system. This installment will focus on file system tools.
2003-10-17 http://www.securityfocus.com/infocus/1738

Maintaining System Integrity During Forensics
This article discusses best practices for maintaining system integrity during forensic examinations.
2003-08-01 http://www.securityfocus.com/infocus/1717

Tracking Down the Phantom Host
This article explains techniques on how to locate a problem host when you are not sure where it is physically located.
2003-06-18 http://www.securityfocus.com/infocus/1705

Starting from Scratch: Formatting and Reinstalling after a Security Incident
This article will examine the process of starting over, and more specifically, reinstalling after a security incident.
2003-05-07 http://www.securityfocus.com/infocus/1692

IDS Logs in Forensics Investigations: An Analysis of a Compromised Honeypot
This paper will deconstruct the steps taken to conduct a full analysis of a compromised machine. In particular, we will be examining the tool that was used to exploit a dtspcd buffer overflow vulnerability, which allows remote root access to the system. The objective of this paper is to show the value of IDS logs in conducting forensics investigations.
2003-03-20 http://www.securityfocus.com/infocus/1676

Windows Forensics - A Case Study: Part Two
This article is the second in a two-part series that will offer a case study of forensics in a Windows environment. This article deals with determining the scope of the compromise, and understanding what the attacker is trying to accomplish at the network level. Along the way, we'll be discussing some tools and techniques that are useful in this type of detective work.
2003-03-06 http://www.securityfocus.com/infocus/1672