Comments on Journey Into Incident Response: How was the System Infected? Part 2
Blog author: Corey Harrell (http://www.blogger.com/profile/15008629321023489214)
Feed updated: 2024-03-13 01:32 (-04:00)

----------------------------------------------------------------------

Corey Harrell (https://www.blogger.com/profile/15008629321023489214)
2010-09-04 12:53 (-04:00)

Kalyan,

I am focusing on systems with malware for various reasons, but the main one is that I find this scenario one of the easier ones for creating multiple test systems. Eventually I want to be able to investigate an infection within a network (multiple computers, servers, and network logs) and be able to answer the same two questions. I will be posting about different types of infections, including different sources of data, in the future before I move on to a different scenario.

Thanks for the comment.

----------------------------------------------------------------------

Kalyan
2010-09-04 12:11 (-04:00)

Corey,

Nice post and nice blog. It seemed like a real security incident and its investigation. Hope to see posts on analysis of other types of infection in the future.

----------------------------------------------------------------------

Corey Harrell (https://www.blogger.com/profile/15008629321023489214)
2010-09-02 09:31 (-04:00)

Stefan,

I try to use two tools to help validate any findings, but it didn't cross my mind to use the same approach with online scanners.

Thanks for the feedback, and I will keep your tip in mind.

----------------------------------------------------------------------

Stefan (http://www.bfk.de/)
2010-09-02 09:05 (-04:00)

Corey,

Nice write-up. If you do upload files from a case, though, make sure to use multiple sandbox operators, as the results may vary. The PDF file, for example, leads to further results when analysed with jsunpack: http://jsunpack.jeek.org/dec/go?report=316e1c503b03302188fba1cd904a10b5235daff3