autopsy forensics


Several important realms of distributed system deployment, monitoring and process management

to both host to do some manual configuration. Upgrade: Executables are also kept in a set of versions (not necessarily through SVN), and when a new version is released it is strictly forbidden to overwrite the existing executable file. For example, if the service is now running /path/to/sudokusolver/1.0.0/bin/sudoku-solver, then the new version of Sudoku Solver will be released to /path/to/sudokusolver/1.1.0/bin/sudoku-solver. The reason for this is that for C++ service programs, if the program is

UbuntuRescueRemix11.04 released

UbuntuRescueRemix is a GNU/Linux system that can be started from a CD or USB flash device. It provides data recovery expert software with a command line interface environment, which integrates some of the best Free and Open Source data recovery and computer forensics tools. Release Notes: http://ubuntu-rescue-remix.org/node/982:UbuntuRescueRemix1104.iso (224 MB ). Ubuntu Rescue Remix is a GNU/Linux system that runs on a CD or USB flash device. It pro

Chapter 6 security defense practices for iOS apps: files that cannot be destroyed

application are repeated. Later, the screenshots are deleted or overwritten. When a call comes in, or other events that may cause application software suspension, screenshots may also occur. You can often find these deleted application screenshots in HFS logs to leak your applications. Even the most secure data encryption content in the software (see Figure 6-1 ). Figure 6-1. Restored user email screenshots. The email software is a very useful tool in fore

CrowdFlower Winner's Interview: 1st place, Chenglong Chen

The CrowdFlower Search Results Relevance competition asked Kagglers to evaluate the accuracy of e-commerce search engines on a scale of 1-4 using a dataset of queries and results. Chenglong Chen finished ahead of 1,423 other data scientists to take first place. He shares his approach with us from his home in Guangzhou, Guangdong, China. (To compare winning methodologies, you can read a write-up from the third place team here.) The competi

Who logged on to my computer? How to view Windows event logs?

Source: Data Security and forensics (ID: Cflab_net) Original: Wendy In addition to your Mac laptop, Wendy also has a Windows desktop. There is nothing to do with your laptop, but recently I feel that every time I open a Windows desktop at work, it is different from the time I left the previous day! However, it is not good to ask questions everywhere. You only need to do it yourself. F

Python: Penetration Testing Open Source project

debugger which uses it
Androguard: reverse engineering and analysis of Android applications
Fuzzing
Sulley: fuzzer development and fuzz testing framework consisting of multiple extensible components
Peach Fuzzing Platform: extensible fuzzing framework for generation and mutation based fuzzing (v2 is written in Python)
antiparser: fuzz testing and fault injection API
TAOF (The Art of Fuzzing), including ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer
untidy: general purpose XML fuzzer
Powerfu

Huawei USG Firewall and NGFW high availability planning and implementation

dual-machine hot standby environment is demonstrated, if the firewall is non-local (the remote node is faulty), how to switch the two-machine hot standby; third, only in the main - standby mode of the dual-machine hot standby, so that the utilization of the firewall is too low, how to the dual-machine hot standby environment to introduce load The combination of firewalls and other more technologies in the switching network. It also describes some typical error planning and design in the process

Server Security Emergency Response process

engineer. 2. Self-discovery: Judged from a server anomaly or fault, such as the server sending large-scale traffic or the system load being abnormally high; this situation is generally found and verified by operations engineers. II. On-site protection (operation and maintenance) Many of us have seen the mainland TV series "Serious Case Six": every time there is a criminal case, Interpol's first step is to seal off the scene and preserve the original site. Similarly, security incidents occur at the scene, as in

The basics of Wireshark data capture teaching Wireshark

responses.
  • Identify the related network problems by looking at the results of the graphical display.
  • Determine the overloaded buffer.
  • A baseline for slow communication to normal communication.
  • Find the duplicate IP address.
  • Determine the DHCP service or network proxy problem.
  • Determine the WLAN signal strength issue.
  • The number of times the WLAN connection was detected.
  • Check for various network configuratio

More than 1000 weak passwords of the O&M system of China tower company leak a large number of base stations, O&M monitoring, data centers, maintenance teams, contracts, and other information throughout the country.

Too many weak passwords. Find the first display! China tower O&M Monitoring System **.**.**.**:8989/baf/jsp/uiframe/login.jsp This system has a lot of weak passwords. In the test, we won 888888 accounts with 1040 passwords, which are listed as follows: Zhangwei, 888888 wangfang 888

Top 10 security assessment tools

a loss of reputation or money. Apart from local area networks, websites are also vulnerable and have become the prime target of crackers. In short, vulnerabilities can be exploited from within the organization, as well as over the Internet by unknown people. On the bright side, with the number of attacks increasing, there are now a slew of tools to detect and stop malware and cracking attempts. The open source world has such utilities (and distros). Here, I must mention BackTrack Linux, which

Eight Linux/Unix server memory dump tools

To do this, you must first sharpen the tool. When you dump the Linux/Unix server memory, you must have a proper tool at hand. Foreign media checked eight Linux/Unix server memory monitoring tools. Let's take a look. LiME (Linux Memory Extractor): LiME (formerly referred to as DMD) is a Loadable Kernel Module (LKM) that can be loaded to obtain the volatile memory in Linux and Linux devices. This tool supports obtaining memory from the file system of the device or from the network. LiME is th

Top 10 open source security projects

you to obtain operating system data through SQL-based queries. Osquery abstracts running processes, loaded kernel modules, opened network connections, browser plug-ins, hardware events, and file hashing into SQL data tables.
2. Metasploit Framework - from Rapid7. Metasploit Framework is a tool used to develop and execute vulnerability exploitation code for remote target hosts.
3. Infer - from Facebook. Facebook Infer is a static analysis tool. Use it to analyze Objective-C, Java, or C code and list poten

Life cycle of plist in Lockdown changes dramatically in iOS 10

We could take advantage of the plist to bypass the trust relationship so as to extract data from an iDevice. Now it becomes an impossible mission in iOS. As you can see, the iOS version is iOS 10.0.2. Now my workstation trusts this iDevice, and the plists in the Lockdown folder are right there. Let me show you what happens in iOS 10. I power off this iDevice and power it on. Of course it's locked. You have to enter the passcode or use Touch ID. Let's take a look at iTunes on my workstation. iTunes could not see anyth

BACKTRACK5 Installation Tutorial

1. First we need to download BackTrack 5 R3
2. Open the virtual machine, CTRL + N to create a new virtual machine
   Typical -- Next
   Install disc image file (ISO) -- select the ISO image you downloaded -- Next
   Guest operating system -- select Linux
   Version -- Other Linux 2.4.x kernel -- Next
   Virtual machine name: BT5R1
   Location -- VM installation path -- Next
   Maximum disk size (GB): give it 12G -- Next
—————————— Finish ——————————
Backtrack text -- character mode, default startup entry
Backtrack stealth -- No net

Method of restoring deleted logs using the lsof command after a Linux system is invaded

Linux is the most common server operating system, but it also faces a lot of security incidents. Compared with the Windows operating system, Linux has clear access control and comprehensive management tools, with very high security and stability. After a Linux system is invaded, the attackers often clean out the various logs in the system, including the access and error logs, last log, message log, secure log, etc., which brings a lot of resistance to our later emergency response and

The role of Wireshark

communication (9) Find the duplicate IP address (10) Determining DHCP service or network agent issues (11) Determine WLAN signal strength problem (12) Number of WLAN connections detected (13) Check various network configuration errors (14) Determine that the application is loading a network fragment 3. Security Analysis (Network forensics) Task (1) Create a custom analysis environment for network forensics

Analysis of the three dimensions of the development of Safety Management Center

management beforehand, in the event, after three stages, the priority is the deployment of protective measures, squad; security monitoring and emergency response, can be protected against foreseeable danger, but for the unknown risk can only be monitored, Find a way to solve the problem first, afterwards is the analysis of security incidents and forensics, the monitoring of the incident did not alarm the ex-post analysis. The functional development o

[Turn] When the machine learning practice of the recommended team

you focus only on the outside of the black box and do not care about it at all, then if the model does not work well, it will be difficult to locate the problem. In turn, if the effect is good, it will be a bit confusing, like your bathroom lights suddenly self-lit, or the TV suddenly opened himself, always make people very not practical.We have a deep feeling on this issue. We first in the system, found that the effect is not good, in fact, there is not too much discipline to help locate the p

Lao Li share: The realm of performance optimization

: Interception: A snapshot of the system at one level is intercepted and analyzed. For example, some stack facets and tools for analysis: jstack, jmap, kill -3, MAT, Heap Analyser, and so on. Monitor: Monitor system changes and even data flow, with tools such as JProfiler, JConsole, jstat, BTrace and so on. Autopsy: The system has gone down, but left some "incriminating evidence" to analyze later. The most famous is the hs_err_pid.log that may
