Call for papers
SecurityFocus ( www.securityfocus.com ) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: firstname.lastname@example.org
Forensics on the Windows Platform, Part Two
This is the second of a two-part series of articles discussing the use of computer forensics in the examination of Windows-based computers. In this article we will concentrate on the areas of a Windows file system that are likely to be of most interest to forensic investigators and the software tools that can be used to carry out an investigation.
Forensics on the Windows Platform, Part One
This article, the first in a two-part series about forensics on the Windows platform, will examine the preparatory steps that can be taken by both investigators and system administrators alike. While this series is concerned with Windows-specific investigations, this article will examine some basic, non-technical concepts that are applicable to all forensic investigations.
Closing the Floodgates: DDoS Mitigation Techniques
To be on the receiving end of a distributed denial of service (DDoS) attack is a nightmare scenario for any network administrator or security professional. With these challenges in mind, this article will explore some techniques that systems administrators and security professionals can employ should they ever find themselves in this situation.
Windows Forensics: A Case Study, Part 1
This article is the first in a two-part series that will offer a case study of forensics in a Windows environment. This installment will offer a brief overview of the detection and analysis of an attack incident. The second installment will continue to look at network traffic analysis techniques and will resolve a hypothetical attack scenario.
Alien Autopsy: Reverse Engineering Win32 Trojans on Linux
In a previous SecurityFocus article, the author described the tools and processes involved in basic reverse engineering of a simple trojan. This article will offer a more detailed examination of the reversing process, using a trojan found in the wild, and focusing on techniques for reversing Windows-native code entirely under Linux.
Reverse Engineering Hostile Code
This article outlines the process of reverse engineering hostile code. Armed with this knowledge, even someone who is not an expert at assembly language programming should be able to look at the internals of a hostile program and determine what it is doing, at least on a surface level.
Footprints in the Sand: Fingerprinting Exploits in System and Application Log Files
Forensic analysts must be able to understand and recognize the footprints that exploits leave in system log files. Identifying these signatures is the key to understanding what took place. This article will focus on the identification of the footprints that exploits leave in system log files and what they mean, as well as some of the most common traces that some recent exploits leave.
Detecting and Removing Trojans and Malicious Code from Win2K
The amount of malicious code directed at Windows systems seems to be increasing on a continual curve. The purpose of this article is to recommend steps that an administrator can use to determine whether or not a Win2K system has been infected with malicious code or "malware" and, if so, to remove it.
Win2K First Responder's Guide
This article will offer a brief overview of some of the steps security administrators and incident handlers should take as part of the first response to security incidents. This article will focus on incidents in Microsoft Windows 2000, due to its popularity in both the corporate and server environments.
No Stone Unturned, Part Six
This is an additional installment to the No Stone Unturned series. In installment 5 of the series, Eliot, our heroic system administrator, found an unusual file on a compromised system. In this bonus installment, he attempts to determine the nature and purpose of that file.