Questions tagged [investigation]

Looking at the inner workings of security systems, their interactions, and scope of coverage

Security systems interact in many ways and often you need to know why they interact in that exact manner

27 questions
58
votes
2 answers

Can you trace malware back to a specific keyboard?

A CNN article on the recent US Election hacks claims that ...the administration has traced the hack to the specific keyboards -- which featured Cyrillic characters -- that were used to construct the malware code, adding that the equipment leaves…
11
votes
1 answer

Chrome/Opera: How to trace and single out this malware in browser extensions? Caused by Tab Manager

There have been a lot of articles about legitimate Chrome/Opera extensions that get sold out to malicious parties that end up pushing the wrong kind of code down the pipe, since by default these extensions auto-update. Since these extensions are…
Alex S
5
votes
1 answer

What is investigated after a possible hack on servers?

My question follows recent news of the Sony hacking incident. I was wondering what type of investigation is conducted by a security firm or the FBI. For example, if the network servers were hacked, what is the first thing done? Do they shut down all…
user29568
5
votes
1 answer

How to trace a virtual phone number?

Suppose I received a call from the internet with some virtual number. I called the same number back after a few days, but it didn't exist at the time or it was routed to some other user. Is there a way to reach the real person? Can I find out which service…
Shoeb Surve
5
votes
2 answers

Google Account Compromised - Possible Investigation?

This morning, I've not been able to log in to my Google Account. Google says my account has been compromised and I had to walk through account credential recovery and verification (SMS to verify phone number, changing password). Now, after securing my…
Marek Sebera
5
votes
3 answers

How have bot(s) guessed my WordPress login page?

I have a WordPress site (fully patched) that used to receive many attempts to log in based on dictionary attacks. I changed my admin user to something uncommon and use a really strong password. Apart from that, I changed my login page using rename…
Oscar Foley
4
votes
3 answers

IP tracking of stolen laptop

Somebody stole my laptop. I made a connection to it while he had TeamViewer still running. The police say that they can't start tracing the laptop because the IP is abroad. But what doesn't make sense is that the IP traces to the city I live in:…
user49498
4
votes
1 answer

Beyond Nmap: Investigating open TCP ports bound to unknown services

I have an uninvited guest using my private WLAN. At first I thought it was probably just a tech-savvy neighbour in need of Internet access, in which case it wouldn't really bother me. However, I've noticed they always seem to connect the same three…
3
votes
1 answer

How can an online hack be traced back to the perpetrators?

What sort of evidence might be used in linking, say, the Sony hack to North Korea? While I am curious about what was used in this particular case, my question is meant to be a more general question about what sort of things might act as a tipoff…
Cannoliopsida
3
votes
1 answer

Forensics in the cloud

I recently did a university module on digital forensics and learned a lot about the process, and techniques, of digital forensics investigations. We didn't actually cover the cloud although I couldn't stop thinking about how it would work. Although…
user45195
3
votes
2 answers

How to extract Windows event logs from a hard disk forensic image?

I have created an image of a hard disk using FTK Imager. I want to extract the Windows event logs. The system was running Windows 7. What should I do?
Airbourne
2
votes
2 answers

SOHO router intrusion

In the hypothetical scenario where someone has managed to gain unlawful access to a SOHO router (any of the consumer wifi models will serve nicely), what steps can you take to verify this, so as to present evidence to a court? These devices don't…
Sonny Ordell
2
votes
2 answers

What steps can I take to identify what type of compromise of my computer has occurred?

I got involved in a strange scenario today :-) . Some 'UDPAgent.exe' file/worm/virus was trying to access my colleague's system and the antivirus program was showing that this particular thing is coming from my IP, though I had no idea about the…
p_upadhyay
2
votes
4 answers

How does one go about network forensics investigation with no prior knowledge?

I am being asked to perform a forensics investigation on a network. The reason being that for the past few months strange things are happening on the network. VLANs are being deleted, configuration changes are being made, and all sorts of…
Franko
2
votes
1 answer

What steps should I take now that my online gaming account was compromised?

I recently received emails from my Origin account that my email address and security question had been changed (seems to have been someone in Russia since the new security question was in Russian). This was not my doing so I knew immediately that…
Mike