What CISOs need to know about computer forensics

Published: 22 Oct 2012

Don't trample evidence in a breach. Missteps in an investigation will cost you in court.

From all indications, something bad had happened. After installing an intrusion prevention system, the security team at UW Medicine spotted several machines trying to communicate with an IRC botnet server in France. Cindy Jenkins, a security engineer and computer forensics expert at the medical and research organization, immediately went on a hunt for clues behind the suspicious activity. Hours spent combing through images of the hard drives from the infected PCs turned up the attackers' tools: an IRC bot, a rootkit and an FTP server. Passive network scanning detected more compromised systems. To save time, Jenkins made hash sets (digital fingerprints) of the malware so she could look just for those hashes when inspecting additional images. She determined the machines were infected 18 to 24 months earlier, before the IPS and other security measures were installed. It appeared that UW Medicine, part of the University of Washington, had been attacked by resource hogs...


What's Inside

Features
    • Malware Analysis

      Norman SandBox Analyzer Pro

    • Rootkit detection and removal know-how

      Get advice on how to detect malware and rootkits and the best ways to achieve rootkit removal and prevent hacker attacks.

    • Logical, physical security integration challenges

      Integrating physical and IT security can reap considerable benefits for an organization, including enhanced efficiency and compliance plus improved security. But convergence isn't easy. Challenges include bringing the physical and IT security teams together, combining heterogeneous systems, and upgrading a patchwork of physical access systems.

    • SIM and NBA product combination is powerful

      The recent announcement involving Mazu Networks, a provider of network-based analysis (NBA) tools, and eIQnetworks, a supplier of SIM products, underscores the trend towards convergence in the NBA and SIM markets. The value proposition is clear: two useful network/security data analysis tools in one integrated package.

    • Virtualization

      BufferZone Enterprise