Call for papers
SecurityFocus ( www.securityfocus.com ) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: email@example.com
Windows NTFS Alternate Data Streams
The purpose of this article is to explain the existence of NTFS alternate data streams in Microsoft Windows, demonstrate how an attacker creates them after compromising a machine with the Metasploit Framework, and then show how freeware tools can easily discover the data hidden in these streams.
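The article summarised above relies on third-party freeware to find alternate data streams; as an added example (not code from the article or from SecurityFocus), the following PowerShell session shows the same idea with nothing but the built-in cmdlets available since PowerShell 3.0: it plants an alternate stream on a file, demonstrates that the ordinary directory listing does not reflect it, enumerates every stream on the file, sweeps a directory tree for non-default streams, and removes the hidden stream. The scratch directory, file name and stream name ("payload") are constructed for the demonstration, not taken from the page.

```powershell
# Constructed scratch location (assumption): a throw-away directory under %TEMP%
$dir  = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$file = Join-Path $dir 'readme.txt'

# Write the visible, default ($DATA) stream
Set-Content -Path $file -Value 'Nothing to see here.'

# Write a hidden alternate data stream; the stream name "payload" is an assumption
Set-Content -Path $file -Stream 'payload' -Value 'hidden content stored in an ADS'

# dir / Get-ChildItem and the Length property report only the default stream's size,
# so the hidden data does not show up in a normal directory listing
Write-Host ("Visible size of {0}: {1} bytes" -f $file, (Get-Item -LiteralPath $file).Length)

# Enumerate every stream on the file: '*' returns :$DATA plus any alternate streams
Get-Item -LiteralPath $file -Stream * | Select-Object FileName, Stream, Length

# Read the hidden stream back
Get-Content -LiteralPath $file -Stream 'payload'

# Detection sweep: walk a tree and report every stream that is not the default :$DATA.
# Note that :Zone.Identifier is a legitimate stream Windows adds to downloaded files,
# so an investigator filters on stream names and contents rather than on mere presence.
Get-ChildItem -LiteralPath $dir -Recurse -File |
    ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * } |
    Where-Object { $_.Stream -ne ':$DATA' } |
    Select-Object FileName, Stream, Length

# Remove the alternate stream without touching the visible data
Remove-Item -LiteralPath $file -Stream 'payload'
```

On Windows Vista and later the same enumeration is available from cmd.exe with `dir /R`. Streams survive copies between NTFS volumes but are silently dropped when a file is copied to FAT, exFAT or most network shares, so an investigator who wants to preserve them must image or copy within NTFS.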
Detecting Rootkits And Kernel-level Compromises In Linux
This article outlines useful ways of detecting hidden modifications to a Linux kernel. Often known as rootkits, this stealthy class of malware is installed in the kernel and requires special techniques from incident handlers and Linux system administrators to detect.
Forensic Analysis of a Live Linux System, Pt. 2
This article is the second of a two-part series that provides step-by-step instructions for forensics of a live Linux system that has been recently compromised.
Forensic Analysis of a Live Linux System, Pt. 1
This article is the first of a two-part series that provides step-by-step instructions on forensics of a live Linux system that has been recently compromised.
Incident Response Tools For Unix, Part Two: File-System Tools
This article is the second in a three-part series on tools that are useful during incident response and investigation after a compromise has occurred on an OpenBSD, Linux, or Solaris system. This installment focuses on file system tools.
Maintaining System Integrity During Forensics
This article discusses best practices for maintaining system integrity during forensic examinations.
Tracking Down the Phantom Host
This article explains techniques for locating a problem host when you are not sure where it is physically located.
Starting from Scratch: Formatting and Reinstalling after a Security Incident
This article will examine the process of starting over, and more specifically, reinstalling after a security incident.
IDS Logs in Forensics Investigations: An Analysis of a Compromised Honeypot
This paper deconstructs the steps taken to conduct a full analysis of a compromised machine. In particular, it examines the tool that was used to exploit a dtspcd buffer overflow vulnerability, which allows remote root access to the system. The objective is to show the value of IDS logs in conducting forensic investigations.
Windows Forensics - A Case Study: Part Two
This article is the second in a two-part series that will offer a case study of forensics in a Windows environment. This article deals with determining the scope of the compromise, and understanding what the attacker is trying to accomplish at the network level. Along the way, we'll be discussing some tools and techniques that are useful in this type of detective work.