Security Artifacts – The Hunt for Forensic Residue

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Previous Security Artifacts – The Hunt for Forensic Residue-1 Next

Forensic Residue and Cybersecurity

Click through for more on how forensic residue can help organizations better protect themselves from security threats, both inside and outside the organization, as identified by Paul Shomo, senior technical manager, Strategic Partnerships, Guidance Software.

A quiet, underground revolution is taking place in the security industry as companies shift from focusing on the perimeter to capturing and analyzing the residue left on endpoint devices by hackers and cyber attacks. Several years ago, a community of forensic researchers began reverse engineering the innards of operating systems. Their efforts led to finding "artifacts," which reveal almost all users and application interaction with the operating system. These breadcrumbs can be found deep within file systems, memory and OS system files. Unlike clearing log files, artifacts are nearly impossible to manipulate.

The residue or artifacts left behind can provide clues about an intruder to IT security professionals. For example, RAT (Remote Access Trojan) residue was important in investigating the cause of the Office of Personnel Management's (OPM) breach. OPM's intrusion prevention system essentially logged data that was being exfiltrated without detecting any of the breadcrumbs that attackers left behind.

Today's incident response and endpoint detection tools use forensic artifacts that have accumulated on endpoints. Advanced rootkits, zero-day attacks and command and control incidents leave an abundance of artifacts. Avoiding leaving a forensic trail is almost impossible.

In this slideshow, Paul Shomo, senior technical manager, Strategic Partnerships, Guidance Software, looks at forensic residue and how it can help organizations better protect themselves from security threats, both inside and outside the organization.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

blockchain The World According to Blockchain

Blockchain comes with many costs and is surrounded by confusion. Here, we examine realistic use cases, drawbacks and the potential of blockchain. ...  More >>

biometrics Biometrics: Moving Far Beyond Fingerprints

Biometrics are changing the way we think about security. Here are some of the more innovative ways biometrics are being used and what we can expect in the future. ...  More >>

Privacy rollback Security Pros Give Their Opinions on ISP Data Privacy Rollback

IT staff, organization leaders, and the average citizen have all expressed levels of concern over the FCC about-face in regard to ISP privacy. Here’s what the security experts say. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.