Chapter 13 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.. Investigating...
Chapter 13. Investigating Computer Intrusions
©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.
Copyright © 2011 Academic Press Inc. ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.
FIGURE 13.1 Use of the nmap scanning tool to obtain information about what services are running on a remote computer.
FIGURE 13.2 Metasploit being used to exploit a vulnerability on a remote Windows computer.
FIGURE 13.3 Directory listing obtained from a remote system after gaining remote access via a vulnerability exploited using Metasploit.
FIGURE 13.4 Listing showing details about processes running on a Windows system.
FIGURE 13.5 Order of volatility.
FIGURE 13.6 Unusual process viewed using Alt-Ctrl-Del.
FIGURE 13.7 EnCase used to analyze a Linux system, showing a rootkit installation script.