
E-book: OS X Incident Response: Scripting and Analysis

(Senior Intrusion Analyst, CrowdStrike)
  • Format: EPUB+DRM
  • Publication date: 07-May-2016
  • Publisher: Syngress Media,U.S.
  • Language: eng
  • ISBN-13: 9780128045039
  • Price: 50,49 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Use:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorised with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet) you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (this is a free application made specifically for reading e-books; do not confuse it with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

OS X Incident Response: Scripting and Analysis is written for analysts who are looking to expand their understanding of a lesser-known operating system. By mastering the forensic artifacts of OS X, analysts will set themselves apart by acquiring an up-and-coming skillset. Digital forensics is a critical art and science. While forensics is commonly thought of as a function of a legal investigation, the same tactics and techniques used for those investigations are also important in a response to an incident. Digital evidence is not only critical in the course of investigating many crimes, but businesses are recognizing the importance of having skilled forensic investigators on staff in the case of policy violations.

Perhaps more importantly, though, businesses are seeing enormous impact from malware outbreaks as well as data breaches. The skills of a forensic investigator are critical to determine the source of the attack as well as the impact. While there is a lot of focus on Windows because it is the predominant desktop operating system, there are currently very few resources available for forensic investigators on how to investigate attacks, gather evidence and respond to incidents involving OS X. The number of Macs on enterprise networks is rapidly increasing, especially with the growing prevalence of BYOD, including iPads and iPhones.

Author Jaron Bradley covers a wide variety of topics, including both the collection and analysis of the forensic pieces found on the OS. Instead of using expensive commercial tools that clone the hard drive, you will learn how to write your own Python and bash-based response scripts. These scripts and methodologies can be used to collect and analyze volatile data immediately.

  • Focuses exclusively on OS X attacks, incident response, and forensics
  • Provides the technical details of OS X so you can find artifacts that might be missed using automated tools
  • Describes how to write your own Python and bash-based response scripts, which can be used to collect and analyze volatile data immediately
  • Covers OS X incident response in complete technical detail, including file system, system startup and scheduling, password dumping, memory, volatile data, logs, browser history, and exfiltration

Other information

Offering a comprehensive introduction to Macintosh OS X with an emphasis on OS X attacks, incident response, and digital forensics, this practical guide includes direction on how to write your own Python and bash-based response scripts to collect and analyze volatile data immediately.
Table of contents

Acknowledgments

Chapter 1 Introduction
  • Is there really a threat to OS X?
  • What is OS X
  • The XNU kernel
  • Digging deeper
  • Requirements
  • Forensically sound versus incident response
  • Incident response process
  • The kill chain
  • Applying the kill chain
  • Analysis environment
  • Malware scenario

Chapter 2 Incident response basics
  • Introduction
  • Picking a language
  • Root versus nonroot
  • Yara
  • Basic commands for everyday analysis
  • Starting an IR script
  • Collection
  • Analysis
  • Analysis scripts
  • Conclusion

Chapter 3 Bash commands
  • Introduction
  • Basic bash commands
  • System info
  • Who info
  • User information
  • Process information
  • Network information
  • System startup
  • Additional commands
  • Miscellaneous
  • Bash environment variables
  • Scripting the collection
  • Analysis
  • Conclusion

Chapter 4 File system
  • Introduction
  • Brief history
  • HFS+ overview
  • Inodes, timestamps, permissions, and ownership
  • Extended attributes
  • File types and traits
  • OS X specific file extensions
  • File hierarchy layout
  • Miscellaneous files
  • File artifacts
  • Key file artifacts
  • Collection
  • Collecting file artifacts
  • Analysis scripting
  • Analysis
  • Conclusion
  • Further reading

Chapter 5 System startup and scheduling
  • Introduction
  • System boot
  • Launchd: the beginning and end
  • Launch agents versus launch daemons
  • Breaking down a property list
  • Binary property lists
  • Launchctl
  • Listing active property lists with launchctl
  • Editing property lists using defaults
  • Property list overrides
  • Crontab
  • Persistence via kext
  • Additional kext commands
  • Less popular persistence methods
  • Collection
  • Analysis
  • Conclusion

Chapter 6 Browser analysis
  • Introduction
  • Safari
  • Chrome
  • Firefox
  • Downloads
  • Opera
  • Collection
  • Analysis
  • Conclusion

Chapter 7 Memory analysis
  • Introduction
  • Analysis tools
  • Collection
  • Analysis
  • Conclusion

Chapter 8 Privilege escalation & passwords
  • Introduction
  • Privileges
  • Shellshock
  • Passwords
  • Collection
  • Analysis
  • Conclusion

Chapter 9 Exfiltration
  • Introduction
  • How valuable data is located
  • How data is archived
  • Detecting archived files by timestamp
  • Compression tools
  • How attackers transfer data
  • Collection
  • Analysis
  • Conclusion

Chapter 10 The timeline
  • December 2015 intrusion timeline
  • Wrapping up

Chapter 11 Advanced malware techniques and system protection
  • Introduction
  • Advanced malware techniques
  • Dyld_insert_libraries
  • Additional ASEPs
  • System protection
  • Conclusion

Subject Index

Jaron Bradley has a background in host-based incident response and forensics. He entered the information security field as an incident responder immediately after graduating from Eastern Michigan University, where he received his degree in Information Assurance. He now works as a Senior Intrusion Analyst, with a focus on OS X and Linux based attacks.