This document discusses computer forensics and incident response. It provides an introduction and definition of computer forensics, discusses legal issues, and describes the EnCase approach and tools. It also discusses threats like data breaches, integrating forensics into incident response, analytics on common breaches, and recommendations for implementing an incident response infrastructure.
2. Presentation plan
- Introduction to computer forensics and incident response
• what it is
• legal and organisational issues
- EnCase approach
• Architecture, tools, methods
• approach to forensics and incident response
• How it is done
3. Computer Forensic – a Definition
- A practical definition:
- “Computer Forensics is simply the application of computer investigation and analysis techniques in the interest of determining potential legal evidence” (Judd Robbins).
4. Legal Definition of Forensics
- Daubert/Frye: The most important decisions governing the use of scientific evidence in court are those of Daubert (Federal) / Frye (California).
- There are four primary factors according to Daubert/Frye that should be considered before ruling on the admissibility of scientific evidence:
• Whether the theory or technique has been reliably tested;
• Whether the theory or technique has been subjected to peer review and publication;
• What is the known or potential rate of error of the method used;
• Whether the theory or method has been generally accepted by the scientific community.
5. Role of the EnCase suite
- EnCase Suite - Guidance Software, www.guidancesoftware.com
- Central point in the system security; the other usual security-related tools are subordinates (feeds and actuators)
- Acts as a standalone or as an enterprise-wide tool
- It is supposed to react to incidents or to control the system, both in the same sound digital forensic way
- The examiner workstation is a workplace for incident responder, examiner, auditor and controller - all in the same consistent, legally acceptable manner
- Predefined roles, ranges, users and events
- Uses other parts of the incident response infrastructure like ticketing system, help desk, IPS, IDS, etc.
6. What are our threats?
- Others (Unknown)
- Regulatory compliance
- IP theft (e.g. external consultant)
- Classified
- Disgruntled employees
- Data leakage
- Human error
- Client
- Competitors
- Fraud
- Virus outbreaks
- Inappropriate content
- Unauthorised software
- Deliberate attack (hackers)
7. Integrating Forensic into IR
What is an incident to you?
- Virus outbreak?
- Stolen laptop?
- Inappropriate usage?
- Legal requirement for electronic data?
- Unauthorised software?
- Inappropriate content?
- Classified data appearing in the wrong environments?
- Data leakage?
- IP theft?
- Disgruntled employee?
How do you respond?
- Manual processes?
- Take computers off the network?
- Suspend employees?
- External investigative consultancy?
- Outsource data collection?
- Press release / PR?
- Hope and pray?
- Ignore?
8. Latest analytics (1)
Who is behind data breaches?
- 73% resulted from external sources
- 18% were caused by insiders
- 39% implicated business partners
- 30% involved multiple parties
How do breaches occur?
- 62% were attributed to a significant error
- 59% resulted from hacking and intrusions
- 31% incorporated malicious code
- 22% exploited a vulnerability
- 15% were due to physical threats
Source: "2008 Data Breach Investigations Report", a study conducted by the Verizon Business Risk Team, 10th June 2008
9. Latest analytics (2)
What commonalities exist?
- 66% involved data the victim did not know was on the system
- 75% of breaches were not discovered by the victim
- 83% of attacks were not highly difficult
- 85% of breaches were the result of opportunistic attacks
- 87% were considered avoidable through reasonable controls
Source: "2008 Data Breach Investigations Report", a study conducted by the Verizon Business Risk Team, 10th June 2008
10. Latest analytics (3)
Nine out of 10 data breach incidents involved one of the following:
• A system unknown to the organization (or business group affected)
• A system storing data that the organization did not know existed on that system
• A system that had unknown network connections or accessibility
• A system that had unknown accounts or privileges
Source: "2008 Data Breach Investigations Report", a study conducted by the Verizon Business Risk Team, 10th June 2008
11. How do we deal with these threats today?
Reactively
• We manually investigate incidents, which is time consuming
• We employ 3rd party consultancies to collect data for compliance
• We quarantine computers from the network (disrupting operations)
• We need multiple tools to investigate and solve problems
• We have to wait for our AV vendor to supply signatures for new outbreaks
Proactively
• We cannot search the network for IP or other sensitive data
• We cannot search for unauthorised software or malicious code
• We cannot forensically remove data or malicious processes
• We don’t have time to investigate disgruntled employees
• We can’t identify potential risks comprehensively
12. Implement Incident Response infrastructure
- Implement EnCase Enterprise as a core
• define additional functionalities and plugins for EnCase
• training, testing, support, etc.
- Integrate it with other tools
• IDS, IPS, network management, physical security, system administration, etc.
• Help Desk system, trouble ticketing system
- Develop a lifecycle for an efficient Incident Response System
• policies, controls, reports, tests, etc.
• keep the IR system proactive, healthy and efficient
13. Anti-Forensics
- Anti-forensics is any and all actions taken by an unauthorized intruder to conceal evidence
• securely deleting critical log files is considered an anti-forensic technique
- discovered use of anti-forensics in 39% of cases
- this will be a trend to watch over the next years
Source: "2008 Data Breach Investigations Report", a study conducted by the Verizon Business Risk Team
14. Incident Response Recommendations
- Align process with policy
- Achieve “essential” then worry about “excellent”
- Secure business partner connections
- Create a data retention plan
- Control data with transaction zones
- Monitor event logs
- Create an incident response plan
- Increase awareness
- Engage in mock incident testing
15. IT security dependencies
- IT security depends on core competencies:
• People - a skill and knowledge problem
• Process - there are standards and best practices
• Technologies - control of usage and functions
- This can be achieved by
• developing an enterprise investigative infrastructure
• use of forensic technologies as a core part of IR
16. EnCase Enterprise (EE) Platform
Key capabilities
- Covertly investigate across the network on live machines
- Bit-level analysis able to uncover deleted and hidden data
- Also able to analyse volatile data in RAM
- Sweep the enterprise for hacker code like key loggers and rootkits
- Court validated as forensically sound
- Role-based access control and encrypted data flow
Business benefits
- Respond to HR/IT requests much faster
- Conduct many more investigations with the same resources
- Rules employees in or out of investigations covertly
- Collects court-validated evidence of wrongdoing
17. EnCase Incident Response
Key capabilities
- Can integrate directly with IDS and SIM solutions
- Automatically collects volatile data at the point of attack or infection
- Threat can be killed immediately on the target machine
- Scan and kill the threat across the entire network very quickly
Business benefits
- Acts on intelligence provided by the SIM
- Guarantees collection of intelligence 24x7x365
- Removes the threat from the entire estate without disrupting operations
- Helps enhance defences by offering real actionable intelligence
- Drives the true value out of IDS and SIM solutions
- An effective way to counter “Day Zero” attacks!
18. Case Review IR
A professional malicious attacker tries to penetrate your network and you have netForensics deployed.
- The SIM (netForensics) and other perimeter defence products throw up high-priority alerts
- The alert is passed on to EnCase Enterprise
- An automatic snapshot of the target machine is retrieved (all processes running in RAM of the target)
- Your SIRT team analyses the snapshot results to determine the malicious processes
- The process can be killed remotely and forensically wiped on the target node
- The malicious/rogue process is hashed and an enterprise sweep is carried out to determine the extent of the breach. It can be remotely wiped on all “infected” nodes to clean the network
19. Kill Malicious Process – options
- Choice of deleting the process file, or deleting and wiping it from the hard drive
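The case flow above (SIM alert, snapshot of running processes, analyst triage, hash the rogue process, enterprise sweep) as an added worked example; this is not code from the original deck or from EnCase. The hosts, process lists, executable bytes and known-good baseline are all constructed, and a path-only sweep is shown beside the hash sweep to make visible why the hash, not the file name, should drive the sweep.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    """One entry of a volatile snapshot: a running process and its on-disk image."""
    pid: int
    path: str
    image: bytes  # constructed stand-in for the executable's bytes


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed executables (not real binaries) used to build the sample snapshots.
IMG_SVCHOST = b"MZ-constructed-benign-service-host"
IMG_EXPLORER = b"MZ-constructed-benign-shell"
IMG_ROGUE = b"MZ-constructed-rogue-keylogger"

# Constructed snapshots of running processes per host, standing in for the
# RAM snapshot that the SIM alert triggers on the target machine.
SNAPSHOTS = {
    "ws-01": [
        Proc(4, r"C:\Windows\System32\svchost.exe", IMG_SVCHOST),
        Proc(1337, r"C:\Windows\System32\svchost.exe", IMG_ROGUE),  # rogue, masquerading by name
    ],
    "ws-02": [Proc(512, r"C:\Windows\explorer.exe", IMG_EXPLORER)],
    "ws-03": [Proc(900, r"C:\Users\bob\AppData\Local\Temp\upd.exe", IMG_ROGUE)],  # same rogue, renamed
}

# Known-good image hashes, as the SIRT would keep them for its gold builds (constructed).
BASELINE = {sha256(IMG_SVCHOST), sha256(IMG_EXPLORER)}


def triage(snapshot):
    """Processes whose image hash is not in the baseline: the analyst's review
    queue, not a verdict. Unknown is not the same as malicious."""
    return [p for p in snapshot if sha256(p.image) not in BASELINE]


def sweep_by_hash(snapshots, bad_hashes):
    """Enterprise sweep on image hash. Returns {host: [matching pids]}.
    Matching on hash rather than on name or path also finds renamed copies."""
    hits = {}
    for host, procs in snapshots.items():
        pids = [p.pid for p in procs if sha256(p.image) in bad_hashes]
        if pids:
            hits[host] = pids
    return hits


def sweep_by_path(snapshots, bad_paths):
    """The weaker alternative: sweep on image path only. Included to make the
    gap visible; it misses the renamed copy and flags the benign svchost.exe too."""
    hits = {}
    for host, procs in snapshots.items():
        pids = [p.pid for p in procs if p.path in bad_paths]
        if pids:
            hits[host] = pids
    return hits


def run_case(alert_host="ws-01"):
    """Walk the case: triage the alerting host's snapshot, take the analyst's
    confirmation of the flagged process as given, then sweep the estate."""
    queue = triage(SNAPSHOTS[alert_host])
    # Analyst step (simulated): the single flagged process is confirmed malicious.
    confirmed = queue[0]
    bad_hash = sha256(confirmed.image)
    return {
        "queue_pids": [p.pid for p in queue],
        "by_hash": sweep_by_hash(SNAPSHOTS, {bad_hash}),
        "by_path": sweep_by_path(SNAPSHOTS, {confirmed.path}),
    }


if __name__ == "__main__":
    print(run_case())
```

The hash sweep reports ws-01 and ws-03 (the renamed copy included) while the path sweep reports only ws-01 and wrongly includes the legitimate svchost.exe; that difference is the extent-of-breach question the slide leaves to the sweep.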