Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by Jason Luttgens, Matthew Pepe, and Kevin Mandia, at City College San Francisco.
Website: https://samsclass.info/152/152_F18.shtml
Teacher: Sam Bowne
Twitter: @sambowne
8. Nine Structures
1. Boot blocks
• First 1024 bytes of volume
• Typically empty on modern systems
2. Volume Header and Alternate Volume Header
• Located 1024 bytes from the beginning of the volume
• Information about the volume, including the location of other structures
11. Mac Timestamps
• All in local time
• HFS+ Volume
  • Create date, modify date, backup date, checked date
• File
  • Access, modify, inode change, inode birth time (file creation)
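An added example, not part of the original slides: decoding the volume header that sits 1024 bytes into an HFS+ volume and pulling out its four volume dates. Field names follow Apple's published HFS Plus volume header layout, the sample volume is constructed, and dates are decoded as seconds since 1904-01-01 with no time zone adjustment.

```python
import struct
from datetime import datetime, timedelta

HFS_EPOCH = datetime(1904, 1, 1)  # HFS+ dates are seconds counted from here
HEADER_OFFSET = 1024              # the boot blocks occupy bytes 0-1023
# Big-endian fields at the start of the volume header: signature, version,
# then 16 unsigned 32-bit values ending with nextCatalogID.
HEADER_FMT = ">2sH16I"
FIELDS = ("attributes", "lastMountedVersion", "journalInfoBlock",
          "createDate", "modifyDate", "backupDate", "checkedDate",
          "fileCount", "folderCount", "blockSize", "totalBlocks",
          "freeBlocks", "nextAllocation", "rsrcClumpSize", "dataClumpSize",
          "nextCatalogID")
DATE_FIELDS = ("createDate", "modifyDate", "backupDate", "checkedDate")


def hfs_date(seconds):
    """Convert an HFS+ date to a naive datetime; 0 means 'never set'."""
    return HFS_EPOCH + timedelta(seconds=seconds) if seconds else None


def parse_volume_header(volume):
    """Decode the volume header from raw volume bytes (not a whole disk)."""
    size = struct.calcsize(HEADER_FMT)
    raw = volume[HEADER_OFFSET:HEADER_OFFSET + size]
    if len(raw) < size:
        raise ValueError("volume too short to hold a volume header")
    signature, version, *values = struct.unpack(HEADER_FMT, raw)
    if signature not in (b"H+", b"HX"):
        raise ValueError("no HFS+/HFSX signature at offset 1024")
    header = dict(zip(FIELDS, values))
    for name in DATE_FIELDS:
        header[name] = hfs_date(header[name])
    header["signature"] = signature.decode("ascii")
    header["version"] = version
    return header


def build_sample_volume():
    """Constructed sample: empty boot blocks plus a minimal volume header."""
    values = [0] * len(FIELDS)
    values[FIELDS.index("createDate")] = 3582844800   # 2017-07-14 02:40:00
    values[FIELDS.index("modifyDate")] = 3582848400   # one hour later
    values[FIELDS.index("checkedDate")] = 3582844800
    values[FIELDS.index("fileCount")] = 1200
    values[FIELDS.index("blockSize")] = 4096
    values[FIELDS.index("nextCatalogID")] = 1500
    header = struct.pack(HEADER_FMT, b"H+", 4, *values)
    return bytes(HEADER_OFFSET) + header.ljust(512, b"\x00")


if __name__ == "__main__":
    for key, value in parse_volume_header(build_sample_volume()).items():
        print(f"{key:20} {value}")
```

Against a real image, pass the bytes of the HFS+ partition itself, since the 1024-byte offset is relative to the start of the volume and not the disk.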
15. Catalog File
• Details hierarchy of files and folders in the system
• Each file and folder has a unique catalog node ID (CNID)
16. Attributes File
• Optional
• Used for named forks
• Additional metadata assigned to a file
• Like Microsoft's Alternate Data Streams
• Stores origin of files from the Internet, and tags like "Green" and "Important"
20. Spotlight
• Metadata indexing and searching service
• Indexers examine the content of files to find keywords
• Some index entire content, others only import metadata
21. Spotlight
• Can be used to search a live system
• Not much use for a static acquisition
• Indexes are deleted when a file is deleted
• No tools are available to parse the data stored by the Spotlight indexer once it's extracted from a drive image
22. Managed Storage
• New in Mac OS X Lion (10.7)
• Allows apps to continuously save data
• Uses daemon "revisiond"
• Saves data on volumes under the "hidden" directory
  • /.DocumentRevisions-V100
23. Capturing db Files
• Copy them to another folder
• Originals are in use and won't open
• db.sqlite shows files used with timestamps
28. File System Layout
• Four domains for data classification
  • Local
  • System
  • Network
  • User
29. Local Domain
• Applications and configurations that are shared among all users of a system
• Administrative privileges required to modify data in this domain
• These directories are in the local domain:
30. System Domain
• Data installed by Apple, and a few specialized low-level utilities
• Most useful domain for intrusion investigations because it contains the system logs
• Includes all the traditional Unix structures, all of which require administrative privileges to modify
• /bin, /usr, /dev, /etc, and so on, also /System
31. Network Domain
• Applications and data stored here are shared among a network of systems and users
• In practice, rarely populated with data
• Located under the /Network directory
32. User Domain
• Primary source of data for most other investigations
• Contains user home directories and a shared directory
• All user-created content and configurations will be found under /Users
• High-privilege and Unix-savvy users may break this model
33. MacPorts Package Manager
• Lets you add BSD packages to your Mac
• Very useful
• Requires command-line developer tools
• Link Ch 13b
37. Inside the Bundle
• Right-click, Show Package Contents
• Subdirectories
  • MacOS, Resources, Library, Frameworks, PlugIns, SharedSupport
• Developers can put anything in these directories
• VMware Fusion's Library folder contains command-line utilities to manage the VMware hypervisor
39. Package Contents
• Contains additional metadata
• Time and date stamps show when the app was installed
• A good place to hide data
40. /Developer
• Used by Xcode, Apple's development environment
• Until recently, all development tools, SDKs, documentation, and debugging tools were here
• Later versions of Xcode moved the tools
• This directory may still be present on some systems
41. /Library
• /System/Library
  • App settings for the operating system
• /Library
  • Settings shared between users
• /Users/username/Library
  • User-specific settings
42. Application Support
• /Library/Application Support
• /Users/username/Library/Application Support
• Settings, caches, license information, and anything else desired by the developer
51. WebServer
• /Library/WebServer
• Apache, installed on every copy of Mac OS X, is started when a user turns on Web sharing
• (Removed from Preferences in 10.8)
• This folder is Apache's Document Root
52. File Types
• Used by nearly every application
• Property lists (.plist)
  • Tools: plutil on Mac, "plist Explorer" on Windows
• SQLite databases
  • Tools: Firefox Plugin SQLite Manager, sqlitebrowser
55. Traditional Unix Paths
• Some investigations are based entirely on data found here, such as log files
• /System directory is structured similarly to the /Library directory
• Locations where applications maintain persistence
• Requires administrator privileges to create or modify files
56. Artifacts
• System logs in /var/log
• Databases in /var/db
• Records of printed data in the CUPS log
• System sleep image
• Software imported using MacPorts or Fink, or compiled in place, may be in /opt
60. User and Service Configuration
• Apple uses LDAP for enterprise management and Directory Services for local user management
• Directory Services doesn't use the traditional Unix files /etc/passwd and /etc/groups
• Data in SQLite databases and binary-formatted property lists
61. The Evidence
• Directory Service data is in /private/var/db/dslocal
• Databases (or nodes) for the local system are in the subdirectory nodes/Default
• My password hash is on the next slide
• More info at links Ch 13c and 13d
64. Mojave
• Now password hashes are inaccessible
  • Even to root
• Hashes can still be captured from Recovery Mode under some circumstances
• Link Ch 13g
66. sqlindex
• In /private/var/db/dslocal
• Maintains creation and modification time for the plist files in the directory structure
• And information on the relationships between the data
• Automatically backed up to /private/var/db/dslocal-backup.xar (a gzip tar file)
67. Analysis of sqlindex
• Shows when a share was created
• Whether an account existed, and its privilege level
69. Sharepoints
• Status of the share for
  • AFP (Apple Filing Protocol)
  • SMB (Server Message Block)
  • FTP (File Transfer Protocol)
• Sharepoint names and share path
• When the share was created
70. Trash and Deleted Files
• Files deleted from USB sticks go into a Trash folder on the stick, labeled by user ID, like
  • /Volumes/USBDRIVE/.Trashes/501
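An added example, not part of the original slides: reading the account property lists from an exported copy of /private/var/db/dslocal (slide 61) and using them to name the owner of a numbered trash folder like the one on slide 70. The users/ and groups/ subdirectories and the key names (name, uid, home, shell, users, ShadowHashData) are assumptions about the usual dslocal layout, and the sample records are constructed.

```python
import plistlib
from pathlib import Path

# Assumption: the users/ and groups/ subdirectories and the key names used
# below follow the usual dslocal layout; the slides name only nodes/Default.
NODE = Path("private/var/db/dslocal/nodes/Default")


def _load(path):
    with open(path, "rb") as fh:
        return plistlib.load(fh)  # detects binary or XML plists


def _first(record, key):
    values = record.get(key) or []
    return values[0] if values else None


def local_accounts(evidence_root):
    """Return {uid: summary} for each account plist in an exported node."""
    node = Path(evidence_root) / NODE
    admin_plist = node / "groups" / "admin.plist"
    admins = set()
    if admin_plist.exists():
        admins = set(_load(admin_plist).get("users", []))
    accounts = {}
    for path in sorted((node / "users").glob("*.plist")):
        record = _load(path)
        name, uid = _first(record, "name"), _first(record, "uid")
        if name is None or uid is None:
            continue  # malformed record: skip rather than guess
        accounts[int(uid)] = {
            "name": name,
            "home": _first(record, "home"),
            "shell": _first(record, "shell"),
            "admin": name in admins,
            # Note only whether hash material is present; never copy it out.
            "has_shadow_hash": "ShadowHashData" in record,
        }
    return accounts


def trash_owner(trash_path, accounts):
    """Name the account behind a per-user trash folder such as .Trashes/501."""
    uid = Path(trash_path).name
    account = accounts.get(int(uid)) if uid.isdigit() else None
    return account["name"] if account else None


def build_sample_evidence(dest):
    """Constructed sample tree: two user records and the admin group."""
    node = Path(dest) / NODE
    records = {
        "users/alice.plist": {"name": ["alice"], "uid": ["501"], "gid": ["20"],
                              "home": ["/Users/alice"], "shell": ["/bin/bash"],
                              "ShadowHashData": [b"\x00" * 16]},
        "users/_www.plist": {"name": ["_www"], "uid": ["70"], "gid": ["70"],
                             "home": ["/Library/WebServer"],
                             "shell": ["/usr/bin/false"]},
        "groups/admin.plist": {"name": ["admin"], "gid": ["80"],
                               "users": ["root", "alice"]},
    }
    for rel, record in records.items():
        target = node / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        with open(target, "wb") as fh:
            plistlib.dump(record, fh, fmt=plistlib.FMT_BINARY)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_evidence(tmp)
        accounts = local_accounts(tmp)
        for uid, info in sorted(accounts.items()):
            print(uid, info)
        print(trash_owner("/Volumes/USBDRIVE/.Trashes/501", accounts))
```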
71. System Auditing, Databases, and Logging
• Open Source Basic Security Module (OpenBSM)
• Powerful auditing system
• Logs:
  • File access
  • Network connections
  • Execution of applications and their command-line options
72. OpenBSM
• Default configuration doesn't save detailed information and is of limited use for IR
• Configuration files in /etc/security
• Primary file is audit_control
73. OpenBSM
• This configuration will log everything for all users, and
  • Login/logout, administrative events, processes, and network activity
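An added example, not part of the original slides: a check that reads the text of an audit_control file and reports whether the four event types named above are fully audited and whether command-line arguments are recorded. The OpenBSM class names lo, ad, pc and nt, the argv policy flag, and their mapping to the slide's wording are supplied here as assumptions, and both sample files are constructed.

```python
# Audit classes the slide singles out, by their audit_class short names.
REQUIRED = {"lo": "login/logout", "ad": "administrative events",
            "pc": "processes", "nt": "network activity"}
BOTH = frozenset({"success", "failure"})


def parse_audit_control(text):
    """Return the key:value settings, ignoring comments and blank lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip()
    return settings


def class_coverage(flags):
    """Track which outcomes are audited for each required class."""
    state = {name: set() for name in REQUIRED}
    for item in (part.strip() for part in flags.split(",")):
        if not item:
            continue
        negate = item.startswith("^")        # ^ switches a class back off
        item = item.lstrip("^")
        if item.startswith("+"):             # + audits successes only
            outcomes, name = {"success"}, item[1:]
        elif item.startswith("-"):           # - audits failures only
            outcomes, name = {"failure"}, item[1:]
        else:
            outcomes, name = set(BOTH), item
        for target in (REQUIRED if name == "all" else [name]):
            if target in state:
                state[target] = (state[target] - outcomes if negate
                                 else state[target] | outcomes)
    return state


def review_audit_control(text):
    """Report required classes not fully audited and whether argv is kept."""
    settings = parse_audit_control(text)
    gaps = {}
    for name, outcomes in class_coverage(settings.get("flags", "")).items():
        if outcomes != BOTH:
            gaps[name] = " and ".join(sorted(BOTH - outcomes)) + " not audited"
    policy = {p.strip() for p in settings.get("policy", "").split(",")}
    return {"gaps": gaps, "argv_logged": "argv" in policy}


# Constructed samples, not taken from the slides or from a real system.
MINIMAL = """# constructed sample
dir:/var/audit
flags:lo,aa
minfree:5
naflags:lo,aa
policy:cnt
"""
BROAD = """# constructed sample
dir:/var/audit
flags:all,^-nt
policy:cnt,argv
"""

if __name__ == "__main__":
    print(review_audit_control(MINIMAL))
    print(review_audit_control(BROAD))
```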
74. Helper Services
• Run in background
• Track events or common data
• Maintain state with SQLite databases or property lists
• Examples:
75. Airportd
• Runs in an application sandbox
• Configured in /usr/share/sandbox