Questions tagged [investigation]

Looking at the inner workings of security systems, their interactions, and scope of coverage

Security systems interact in many ways, and often you need to know why they interact in that exact manner.

27 questions
2 votes, 1 answer

iLivid infection/ iLivid behaviour analysis

Although lots of surveys and reports have been done on iLivid by lots of malware analyzers, I decided to inspect iLivid independent of previous research. I have read lots of reports about iLivid but when I proceed to survey I download iLivid from…
1 vote, 1 answer

What question(s) can someone ask an individual to quickly determine their 'hacking ability'?

Scenario: You are on Craigslist searching for cheap electronics and come across an ad for a cheap E-reader. It's a bit of a deal at about 20-40% off the retail price, so you contact the seller and all seems normal. You meet up to buy it and while…
Matthew Peters
1 vote, 1 answer

Host Protected Area (HPA) Imaging

I'm a student in the Digital Forensics department. I have to create an image of the HPA of my disk. I searched all the documents I could find about ways of creating an HPA image, but all of them describe old methods. For instance, The Sleuth Kit version 1.7.3 allows creating…
1 vote, 1 answer

Local Scans initiated from a VLAN Broadcast IP address

Just reviewing some logs and I am seeing local scans to several local IP addresses on port 137 within my network. The source IP however is the broadcast IP of the VLAN (.255). I have checked the logs and I can see the broadcast IP trying to…
TheGreyShadow
1 vote, 3 answers

What is the difference between artifact and evidence?

I am reading about incident response. I am not able to understand exactly the terms artifact and evidence. When I searched on Google, so many resources used these terms loosely. How can I find standard definitions for these two terms?…
ashok
1 vote, 1 answer

Is this an exploit attempt and how can I analyse it?

Edited: Never mind the MinGW or .bash_history, I can see that is unlikely. Somebody attacking me and those bytes ending up in the frequently used file .bash_history by accident is not that unlikely however. Is there anything legit that would look…
0 votes, 1 answer

What to do when a Linux account gets owned?

What is the best course of action when you discover that a non-administrator Linux account has gotten owned, and a single foreign process is running, making all sorts of networking connections? For example, how would one take a complete snapshot of…
cnst
0 votes, 0 answers

LSASS Activity is Being Flagged as a Potentially Compromised Host - How should I investigate this?

We've recently been seeing new security events being flagged to the SOC for activity involving LSASS usage from the wmiprvse.exe process across multiple Windows servers. We've investigated the wmiprvse.exe process by reviewing the process ID and…
Gregor
0 votes, 0 answers

Detection and attribution of a running attack toward US elections

Recently an attack based on booby-trapped web servers was blocked by Microsoft through seizure of some of the known server names used in this attack. This attack analysis was focused on defending the US midterm elections, which will take place on November…
dan
0 votes, 1 answer

Teamviewer Investigations

I have a situation where Teamviewer was used to remotely log into a computer and delete files. What are some areas where I can find evidence of file deletion and Teamviewer identity of the intruder?
0 votes, 1 answer

Debugging self-recreating files

While cleaning up a portable HD I came across a directory that I cannot delete, with the error that it is not empty, despite trying to delete it with the -rf flags (I am running Linux). I went into the directory and found 3 hidden files…
Tom Klino
-3 votes, 1 answer

I'm getting my master's in cybersecurity and I have a BS in criminal justice... need guidance

I'm getting my master's in cyber security. I have a bachelor's in criminal justice. I would like to do missing and exploited children investigation. I'm relocating to Georgia. What kind of job should I apply for?