Difference between pages "Incident Response" and "Blogs"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(External Links)
 
(English)
 
Line 1: Line 1:
{{Expand}}
+
[[Computer forensics]] related resources like: blogs, fora, tweets, tools and challenges (and test images).
  
Incident Response is a set of procedures for an investigator to examine a computer security incident. This process involves figuring out what was happened and preserving information related to those events. Because of the fluid nature of computer investigations, incident response is more of an art than a science.
+
= Blogs =
  
== Tools ==
+
== English ==
  
Incident response tools can be grouped into three categories. The first category is '''Individual Tools'''. These are programs designed to probe parts of the operating system and gather useful and/or volatile data. The tools are self-contained, useful, discrete, and do not create a large footprint on the victim system.  
+
* [http://www.appleexaminer.com/ The Apple Examiner]
 +
* [http://computer.forensikblog.de/en/ Computer Forensics Blog], by [[Andreas Schuster]]
 +
* [http://www.niiconsulting.com/checkmate/ Checkmate - e-zine on Digital Forensics and Incident Response]
 +
* [http://www.infosecinstitute.com/blog/ethical_hacking_computer_forensics.html Jack Koziol - Ethical Hacking and Computer Forensics]
 +
* [http://windowsir.blogspot.com/ Windows Incident Response Blog], by [[Harlan Carvey]]
 +
* [http://geschonneck.com/ Computer Forensics Blog], by [[Alexander Geschonneck]]
 +
* [http://forensicblog.org/ Computer Forensics Blog], by [[Michael Murr]]
 +
* [http://forenshick.blogspot.com/ Forensic news, Technology, TV, and more], by [[Jordan Farr]]
 +
* [http://unixsadm.blogspot.com/ UNIX, OpenVMS and Windows System Administration, Digital Forensics, High Performance Computing, Clustering and Distributed Systems], by [[Criveti Mihai]]
 +
* [http://intrusions.blogspot.com/ Various Authors - Intrusions and Malware Analysis]
 +
* [http://chicago-ediscovery.com/education/computer-forensics-glossary/ Computer Forensic Glossary Blog, HOWTOs and other resources], by [[Andrew Hoog]]
 +
* [http://secureartisan.wordpress.com/ Digital Forensics with a Focus on EnCase], by [[Paul Bobby]]
 +
* [http://www.crimemuseum.org/blog/ National Museum of Crime and Punishment-CSI/Forensics Blog]
 +
* [http://forensicsfromthesausagefactory.blogspot.com/ Forensics from the sausage factory]
 +
* [http://integriography.wordpress.com Computer Forensics Blog], by [[David Kovar]]
 +
* [http://jessekornblum.livejournal.com/ A Geek Raised by Wolves], by [[Jesse Kornblum]]
 +
* [http://computer-forensics.sans.org/blog SANS Computer Forensics and Incident Response Blog by SANS Institute]
 +
* [http://www.digitalforensicsource.com Digital Forensic Source]
 +
* [http://dfsforensics.blogspot.com/ Digital Forensics Solutions]
 +
* [http://forensicaliente.blogspot.com/ Forensicaliente]
 +
* [http://www.ericjhuber.com/ A Fistful of Dongles]
 +
* [http://gleeda.blogspot.com/ JL's stuff]
 +
* [http://4n6k.blogspot.com/ 4n6k]
 +
* [http://justaskweg.com/ JustAskWeg], by [[Jimmy Weg]]
 +
* [http://blog.kiddaland.net/ IR and forensic talk], by [[Kristinn Gudjonsson]]
 +
* [http://c-skills.blogspot.ch/ c-skills], by [[Sebastian Krahmer]]
 +
* [http://sketchymoose.blogspot.ch/ Sketchymoose's Blog]
 +
* [http://www.swiftforensics.com/ All things forensic and security related], by [[Yogesh Khatri]]
 +
* [http://dan3lmi.blogspot.pt/ Dlog], by [[Daniela Elmi]]
  
Standalone tools have been combined to create '''Script Based Tools'''. These tools combine a number of standalone tools that are run via a script or batch file. They require minimal interaction from the user and gather a fixed set of data. These tools are good in that they automate the incident response process and provide the examiner with a standard process to defend in court. They also do not require the first responder to necessarily be an expert with the individual tools. Their weakness, however, is that they can be inflexible. Once the order of the tools is set, it can be difficult to change. Some script based tools allow the user to pick and choose which standalone tools will be used in a given examination.
+
=== Windows ===
 +
* [http://blogs.msdn.com/b/ntdebugging/ ntdebugging - Advanced Windows Debugging and Troubleshooting]
  
The final category of tools are '''Agent Based Tools'''. These tools require the examiner to install a program on the victim which can then report back to a central server. The upshot is that one examiner can install the program on multiple computers, gather data from all of them, and then view the results in the aggregate. Finding the victim or victims can be easier if they stand out from the crowd.
+
== Dutch ==
  
== See Also ==
+
* [http://stam.blogs.com/8bits/ 8 bits], by [[Mark Stam]] (also contain English articles otherwise use [http://translate.google.com/translate?u=http%3A%2F%2Fstam.blogs.com%2F8bits%2Fforensisch%2Findex.html&langpair=nl%7Cen&hl=en&ie=UTF-8 Google translation])
* Obsolete: [[List of Script Based Incident Response Tools]]
+
  
== External Links ==
+
== French ==
* [http://dfrws.org/2002/papers/Papers/Jesse_Kornblum.pdf Preservation of Fragile Digital Evidence by First Responders], by [[Jesse Kornblum]], DFRWS 2002
+
* [http://blog.handlerdiaries.com/?p=325 Keeping Focus During an Incident], by jackcr, January 17, 2014
+
  
=== Emergency Response ===
+
* [http://forensics-dev.blogspot.com Forensics-dev] ([http://translate.google.com/translate?u=http%3A%2F%2Fforensics-dev.blogspot.com%2F&langpair=fr%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
* [http://www.mdchhs.com/sites/default/files/JEM-9-5-02-CHHS.pdf Addressing emergency response provider fatigue in emergency response preparedness, management, policy making, and research], Clark J. Lee, JD, September 2011
+
  
=== Kill Chain ===
+
== German ==
* [http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains], by Eric M. Hutchins, Michael J. Clopperty, Rohan M. Amin, March 2011
+
* [http://www.emc.com/collateral/hardware/solution-overview/h11154-stalking-the-kill-chain-so.pdf Stalking the kill chain], by RSA
+
  
=== Incident Lifecycle ===
+
* [http://computer.forensikblog.de/ Computer Forensik Blog Gesamtausgabe], by [[Andreas Schuster]] ([http://computer.forensikblog.de/en/ English version])
* [http://www.itsmsolutions.com/newsletters/DITYvol5iss7.htm Expanding the Expanded Incident Lifecycle], by Janet Kuhn, February 18, 2009
+
* [http://computer-forensik.org computer-forensik.org], by [[Alexander Geschonneck]] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.computer-forensik.org&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
* [https://www.enisa.europa.eu/activities/cert/support/incident-management/browsable/workflows/incident-lifecycle Incident lifecycle], by [[ENISA]]
+
* [http://henrikbecker.blogspot.com Digitale Beweisführung], by [[Henrik Becker]] ([http://translate.google.com/translate?u=http%3A%2F%2Fhenrikbecker.blogspot.com&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
  
== Tools ==
+
== Spanish ==
=== Individual Tools ===
+
* [http://technet.microsoft.com/en-us/sysinternals/0e18b180-9b7a-4c49-8120-c47c5a693683.aspx Sysinternals Suite]
+
  
=== Script Based Tools ===
+
* [http://www.forensic-es.org/blog forensic-es.org] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.forensic-es.org%2Fblog&langpair=es%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
* [[First Responder's Evidence Disk|First Responder's Evidence Disk (FRED)]]
+
* [http://www.inforenses.com InForenseS], by [[Javier Pages]] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.inforenses.com&langpair=es%7Cen&hl=es&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
* [[COFEE|Microsoft COFEE]]
+
* [http://windowstips.wordpress.com El diario de Juanito]
* [[Windows Forensic Toolchest|Windows Forensic Toolchest (WFT)]]
+
* [http://conexioninversa.blogspot.com Conexión inversa]
* [[Regimented Potential Incident Examination Report|RAPIER]]
+
  
=== Agent Based Tools ===
+
== Russian ==
* [[GRR]]
+
* [[First Response|Mandiant First Response]]
+
  
== Books ==
+
* Group-IB: [http://notheft.ru/blogs/group-ib blog at notheft.ru], [http://www.securitylab.ru/blog/company/group-ib/ blog at securitylab.ru]
There are several books available that discuss incident response. For [[Windows]], ''[http://www.windows-ir.com/ Windows Forensics and Incident Recovery]'' by [[Harlan Carvey]] is an excellent introduction to possible scenarios and how to respond to them.
+
  
[[Category:Incident Response]]
+
= Related blogs =
 +
 
 +
* [http://www.c64allstars.de C64Allstars Blog]
 +
* [http://www.emergentchaos.com/ Emergent Chaos], by [[Adam Shostack]]
 +
* [http://jeffjonas.typepad.com/ Inventor of NORA discusses privacy and all things digital], by [[Jeff Jonas]]
 +
* [http://www.cs.uno.edu/~golden/weblog Digital Forensics, Coffee, Benevolent Hacking], by [[Golden G. Richard III]]
 +
 
 +
= Circles/Fora/Groups =
 +
* [http://forensicfocus.com/ Forensic Focus]
 +
* [http://tech.groups.yahoo.com/group/win4n6 Yahoo! groups: win4n6 · Windows Forensic Analysis]
 +
 
 +
= Tweets =
 +
* [http://twitter.com/#!/search/%23DFIR?q=%23DFIR #DFIR]
 +
* [http://twitter.com/#!/search/%23forensics #forensics]
 +
 
 +
= Tools =
 +
* [http://www2.opensourceforensics.org/ Open Source Digital Forensics]
 +
* [http://forensiccontrol.com/resources/free-software/ Free computer forensic tools]
 +
* [http://code.google.com/p/libyal/ Yet another library library (and tools)]
 +
 
 +
= Challenges (and test images) =
 +
* [http://www.dc3.mil/challenge/ DC3 Challenges]
 +
* [http://testimages.wordpress.com/ Digital Forensics Test Images]
 +
* [http://www.forensicfocus.com/images-and-challenges Forensic Focus - Test Images and Forensic Challenges]
 +
* [https://www.honeynet.org/challenges/ Honeynet Project Challenges]
 +
* [http://testimages.wordpress.com/ Digital Forensic Test Images]
 +
* [http://secondlookforensics.com/linux-memory-images/ Second Look - Linux Memory Images]
 +
* [http://sourceforge.net/projects/nullconctf2014/ NullconCTF2014]
 +
 
 +
= Conferences =
 +
See: [[:Category:Conferences|Conferences]]
 +
 
 +
[[Category:Further information]]

Revision as of 09:11, 29 January 2014

Computer forensics related resources like: blogs, fora, tweets, tools and challenges (and test images).

Blogs

English

Windows

Dutch

French

German

Spanish

Russian

Related blogs

Circles/Fora/Groups

Tweets

Tools

Challenges (and test images)

Conferences

See: Conferences