Security Incidents mailing list archives

Know Your Enemy: A Forensics Analysis

From: lance () SPITZNER NET (Lance Spitzner)
Date: Sun, 21 May 2000 18:27:06 -0500


I've completed a whitepaper that I feel memebers of
this group may be interested in.

Know Your Enemy: A Forensics Analysis
This paper is a continuation of the Know Your Enemy series. The first three papers covered the tools and tactics of the 
black-hat community.  This paper, the fourth of the series, studies step by step a successful attack of a system.   
However, instead of focusing on the tools and tactics used, we will focus on how we learned what happened and pieced 
the information together.  The purpose is to give you the forensic skills necessary to analyze and learn on your own 
the threats your organization faces.

http://www.enteract.com/~lspitz/forensics

Hope it helps :)

Lance Spitzner
http://www.enteract.com/~lspitz/papers.html

Current thread:

Unidentified Trojan? Richard Ginski (May 18)
- Unidentified Trojan? -- Hope this helps James Wilson (May 19)
- price.doc.exe illu5i0n () HUSHMAIL COM (May 19)
  - Re: price.doc.exe barry.net (May 22)
- Portscan X.Y.Z.100 - X.Y.Z.254, various ports Jens Hektor (May 20)
- Two scans (Klogin and a trojan?) Jose Nazario (May 21)
- Know Your Enemy: A Forensics Analysis Lance Spitzner (May 21)
- <Possible follow-ups>
- Re: Unidentified Trojan? Elliot Perrin (May 18)
- Re: Unidentified Trojan? Bill Royds (May 18)
- Unidentified Trojan? Richard Ginski (May 19)