A Brief Introduction to Cyber Forensic Analysis
Peter Stephenson (presenter contact details illegible in the extracted source)
Copyright © 1998-1999 Sanda International Corp.
Agenda
❏ Intrusion approaches
❏ Investigative tool kit
❏ Investigative approaches
❏ End-to-end tracing
❏ Evidence collection and preservation
❏ Forensic use of RMON2-based tools for documenting the path of an attack
Chart 1 (bar chart, y-axis "% Reporting", scale 0 to 80): attack sources reported by respondents: Disgruntled Employees, Hackers, US Competitors, Foreign Corporations, Foreign Governments. Source: 1998 CSI/FBI Study.
Chart 2 (bar chart, y-axis "% Reporting", scale 0 to 45): attack types reported: DoS, Theft of Info, Fraud, Outside Penetration, Unauthorized Access, Sabotage. Source: 1998 CSI/FBI Study.
required
❏ Create mirrors of affected computers
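Mirroring an affected machine only has evidentiary value if the copy can be shown to be bit-for-bit identical to the original and unchanged afterwards. The following is an added example (not code from the presentation or from Sanda International) of the hash-while-copying procedure: the source is hashed as it is read, the finished image is hashed independently, and the stored digest is re-checked before any later analysis. The file names and the 1 MiB of "disk" content are constructed for the demonstration; in a real case the source would be a raw device read through a write blocker, but the verification logic is the same.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read/write in 1 MiB blocks so large images stream


def image_and_verify(src_path, dst_path, algo="sha256"):
    """Copy src_path to dst_path block by block, hashing the source as it
    is read, then re-hash the completed image and compare the digests."""
    src_hash = hashlib.new(algo)
    copied = 0
    with open(src_path, "rb") as src, open(dst_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            src_hash.update(block)
            dst.write(block)
            copied += len(block)
    image_digest = hash_file(dst_path, algo)
    return {
        "algorithm": algo,
        "bytes_copied": copied,
        "source_hash": src_hash.hexdigest(),
        "image_hash": image_digest,
        # Equal digests are the only acceptable outcome; anything else means
        # the image is not a faithful mirror and must be re-acquired.
        "verified": src_hash.hexdigest() == image_digest,
    }


def hash_file(path, algo="sha256"):
    """Independent digest of a file, used both after imaging and before
    every later examination of the stored image."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(path, expected_hash, algo="sha256"):
    """Re-verify a stored image against the digest recorded at acquisition."""
    return hash_file(path, algo) == expected_hash


def demo(tamper=False):
    """Run the procedure on a constructed 1 MiB 'disk' in a temp directory.
    With tamper=True one byte of the image is altered after acquisition to
    show that the later re-verification catches it."""
    data = bytes(range(256)) * 4096  # constructed content, 1,048,576 bytes
    with tempfile.TemporaryDirectory() as workdir:
        src = os.path.join(workdir, "evidence.disk")  # hypothetical names
        dst = os.path.join(workdir, "evidence.img")
        with open(src, "wb") as f:
            f.write(data)
        result = image_and_verify(src, dst)
        if tamper:
            with open(dst, "r+b") as f:
                f.seek(512)        # original byte here is 0x00
                f.write(b"\xff")
        result["still_verifies"] = verify_image(dst, result["image_hash"])
    return result


if __name__ == "__main__":
    clean = demo()
    print("acquired", clean["bytes_copied"], "bytes, verified:",
          clean["verified"], "re-verified:", clean["still_verifies"])
    print("after tampering, re-verifies:", demo(tamper=True)["still_verifies"])
```

Record the digest, algorithm and byte count in the case notes at acquisition time; `verify_image` is what an examiner runs against the stored image before working on it, and a mismatch there breaks the chain of custody for that copy.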
Diagram: path of an attack. Intruder's laptop, dial-up connection, ISP, Internet, router (our logs), penetrated intermediate host, attack on the victim host.
Contact iname’s Security Officer: connect account name, time, and message ID to source IP address.
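Before the provider's security officer can tie a message to an account, the investigator has to extract from the message itself the facts the slide lists: the message ID, the sending account as presented, and the source IP address with the time at which the provider's relay accepted the connection. The following is an added example (not code from the presentation or from Sanda International) that pulls those facts out of a raw message by walking its Received headers from the earliest hop upward. The message, host names and addresses are constructed (RFC 5737 documentation addresses); the output dictionary is what you would hand to the provider.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from datetime import timezone

# Constructed sample message; the relays, addresses and IDs are invented.
SAMPLE_MESSAGE = """\
Received: from mail.example.org (mail.example.org [203.0.113.7])
\tby mx.victim.example (Postfix) with ESMTP id 8F3A1
\tfor <ciso@victim.example>; Tue, 09 Mar 1999 14:22:10 -0500
Received: from dialup-14.isp.example (dialup-14.isp.example [198.51.100.14])
\tby mail.example.org (8.9.3/8.9.3) with SMTP id NAA12345
\tfor <ciso@victim.example>; Tue, 09 Mar 1999 14:21:47 -0500
From: "J. Doe" <jdoe@example.org>
To: ciso@victim.example
Subject: test
Date: Tue, 09 Mar 1999 14:21:30 -0500
Message-ID: <19990309142130.NAA12345@mail.example.org>

Body text.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_hop(header):
    """Break one Received header into the relay that wrote it, the host it
    accepted the connection from, that host's IP and the receipt time."""
    text = " ".join(header.split())  # unfold continuation lines
    m_from = re.search(r"\bfrom\s+(\S+)", text)
    m_by = re.search(r"\bby\s+(\S+)", text)
    m_ip = IP_RE.search(text)
    stamp = text.rsplit(";", 1)[1].strip() if ";" in text else None
    return {
        "from": m_from.group(1) if m_from else None,
        "by": m_by.group(1) if m_by else None,
        "ip": m_ip.group(1) if m_ip else None,
        "time": stamp,
    }


def trace_message(raw):
    """Return the tracing facts for a raw RFC 822 message: presented account,
    message ID, and the earliest hop's source IP and receipt time in UTC."""
    msg = message_from_string(raw)
    # Each relay prepends its own Received header, so the last one in the
    # message is the earliest hop, i.e. the provider's relay recording the
    # connection from the sender's machine.
    hops = [parse_hop(h) for h in reversed(msg.get_all("Received", []))]
    origin = hops[0] if hops else None
    _, account = parseaddr(msg.get("From", ""))
    source_time_utc = None
    if origin and origin["time"]:
        source_time_utc = (parsedate_to_datetime(origin["time"])
                           .astimezone(timezone.utc).isoformat())
    return {
        "account": account,
        "message_id": msg.get("Message-ID", "").strip(),
        "source_ip": origin["ip"] if origin else None,
        "source_time_utc": source_time_utc,
        # The relay that wrote the earliest header is the party to contact;
        # only its own records can map IP and time to a dial-up account.
        "recording_relay": origin["by"] if origin else None,
        "hops": hops,
    }


if __name__ == "__main__":
    for key, value in trace_message(SAMPLE_MESSAGE).items():
        print(f"{key}: {value}")
```

Two caveats belong in the case notes. First, only the Received headers written by relays you trust are evidence; the sender controls anything below the first relay it connected to, so the trace starts at the lowest header written by a known provider. Second, the provider's security officer correlates the IP address and time against its own authentication logs, which is why the time is converted to UTC and the recording relay is named explicitly.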