Difference between pages "Zombies and Botnets: Setup-Investigate-Shutdown" and "GRR"

From Forensics Wiki
Page: Zombies and Botnets: Setup-Investigate-Shutdown

'''Zombies and Botnets: Setup-Investigate-Shutdown''' [http://www.wetstonetech.com/cgi-bin/shop.cgi?view,25]

WetStone has created this one-day advanced module to their Hacking Bootcamp focusing exclusively on Zombies and Botnets. Students will have unique access to our “hands-on” interactive learning environment. Students will work together to establish a complex Botnet environment and practice investigative methods/techniques to collect criminal information. Each student will learn how to shut down and isolate Botnet operators and individual Zombies in order to limit or preempt the damage they can cause.

'''Sinister Cyber Weapons'''

One of the most sinister cyber weapons to arrive on the scene in recent years are Zombies and their associated Botnets.

Today's cyber investigators must possess in-depth working knowledge of their internals. To accomplish this you must know how to set up, investigate, and shut down these weapons.

Botnets are continuing to be a global issue. These types of malicious software are penetrating our personal, corporate and government systems. Statistics are showing that up to one quarter of all computers that are connected to the internet have become a part of a Botnet.

'''Skills Learned'''

Upon completion of the course, students will have gained advanced knowledge in the fundamentals of Zombies and Botnets:

▫ Offensive planning of Zombies and Botnets
▫ Investigative considerations when faced with these weapons
▫ Learn the art of isolation and termination of Botnets.

Our trainers take you inside the minds of today’s criminals, and students completing the class will be able to execute a full investigation in the respective discipline. Participants' proficiency in the above skills will be tested with certification exams.

----

'''Contact Information:'''

1-877-WETSTONE ext 2

www.wetstonetech.com [https://www.wetstonetech.com/index.html]

Page: GRR

{{Infobox_Software |
  name = Rekall |
  maintainer = [[Darren Bilby]] and others |
  os = {{Cross-platform}} |
  genre = {{Incident response}} |
  license = {{APL}} |
  website = [https://code.google.com/p/grr/ code.google.com/p/grr/] |
}}

GRR is an Incident Response Framework focused on Remote Live Forensics.

The disk and file system analysis capabilities of GRR are provided by the [[sleuthkit]] and [[pytsk]] projects.

The memory analysis and acquisition capabilities of GRR are provided by the [[rekall]] project.

= See also =

* [[pytsk]]
* [[rekall]]
* [[sleuthkit]]

= External Links =

* [https://code.google.com/p/grr/ Project site]
* [https://code.google.com/p/grr/wiki/ProjectFAQ Project FAQ]
* [http://grr.googlecode.com/git/docs/index.html Documentation]

== Publications ==

* [http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/37237.pdf Distributed forensics and incident response in the enterprise], by [[Michael Cohen]], [[Darren Bilby]], G. Caronni. Digital Investigation, 2011.
* [https://googledrive.com/host/0B9hc84IflFGbN2IwMTUyYTUtMTU0Mi00ZWQ3LWFhNDktM2IyMTg5MmY3OWI0/Hunting%20in%20the%20Enterprise:%20Forensic%20Triage%20and%20Incident%20Response Hunting in the enterprise: Forensic triage and incident response], by [[Andreas Moser]], [[Michael Cohen]], Digital Investigation, 2013.

== Presentations ==

* [https://googledrive.com/host/0B1wsLqFoT7i2N3hveC1lSEpHUnM/Docs/GRR%20Rapid%20Response%20-%20OSFC%202012.pdf OSDFC 2012 GRR Overview], by [[Darren Bilby]]

== Workshops ==

* [https://drive.google.com/?usp=chrome_app#folders/0B1wsLqFoT7i2eU1jU0JldW9JUU0 OSDFC workshop 2013], by [[Darren Bilby]]

Revision as of 14:36, 12 January 2014
