Botnets - The killer web applications

www.syngress.com
Chapter 5 • Botnet Detection: Tools and Techniques
• Work with forensically sterile media to avoid cross-contamination.

• Document everything. The chain of evidence should show who obtained the evidence; what it consists of; how, when and where it was obtained; who was responsible for securing it; and who has had control of, possession of, or access to the evidence. While gathering the evidence, you must:

  • Record every command and switch executed as part of the examination
  • Avoid installing software on the target disk
  • Record time and date stamps before they’re changed

Even if you’re not expecting to be called into court at some point, it still makes sense to work as though you might be. First, it’s quite possible that an incident will take an unexpected legal turn. Second, if your evidence gathering is scrupulous enough to meet evidential admissibility rules, it will be difficult for higher management to dismiss it as invalid should you run aground on one of those political sandbars we all know and love.
Process
In the real world of computer forensics, each job begins with an operations (ops) order that provides the details for managing the case as well as describing what you are expected to do. When gathering intelligence about botnet clients, you should do the same. Develop a naming convention for all case-related files and folders so that the mountain of data you gather is still useful two to three months later.
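The following bash wrapper is an added example, not code from the book: it turns the checklist above (sterile evidence area, a log of every command executed, timestamps recorded before a file is touched, and a chain-of-custody record) and the case naming convention just described into a small acquisition routine. The CASE-<id>_<host>_<time> naming scheme, the log layout and the sample file it copies are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the book): a minimal evidence-collection wrapper.
# Assumptions: a CASE-<id>_<host>_<time> naming scheme, a case tree with
# evidence/ and logs/ subdirectories, and GNU or BSD stat/sha256 tools.

set -u

utc_now() { date -u +%Y-%m-%dT%H:%M:%SZ; }

# Hash with whichever SHA-256 tool the host has (GNU coreutils or BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum -- "$1" | awk '{print $1}'
    else
        shasum -a 256 -- "$1" | awk '{print $1}'
    fi
}

# Naming convention: CASE-<id>_<host>_<acquisition time>, so every file
# gathered for one host can still be found months later.
case_name() {
    printf 'CASE-%s_%s_%s' "$1" "$2" "$3"
}

# Create the case tree on the (separate, sterile) evidence root and start
# the two logs: one for commands run, one for custody of each item.
init_case() {
    local root="$1" name="$2" dir
    dir="$root/$name"
    mkdir -p "$dir/evidence" "$dir/logs"
    : > "$dir/logs/commands.log"
    : > "$dir/logs/custody.log"
    printf '%s\n' "$dir"
}

# Run a command and record start time, end time, exit status and the exact
# command line with all switches ("record every command and switch").
run_logged() {
    local casedir="$1" start end rc
    shift
    start=$(utc_now)
    "$@"
    rc=$?
    end=$(utc_now)
    printf '%s\t%s\trc=%d\t%s\n' "$start" "$end" "$rc" "$*" \
        >> "$casedir/logs/commands.log"
    return "$rc"
}

# Record atime/mtime/ctime/size of the original BEFORE it is read or copied.
# stat flags differ between GNU and BSD: try GNU syntax first, then BSD.
record_timestamps() {
    local casedir="$1" target="$2" line
    line=$(stat -c 'atime=%X mtime=%Y ctime=%Z size=%s' -- "$target" 2>/dev/null) \
        || line=$(stat -f 'atime=%a mtime=%m ctime=%c size=%z' -- "$target")
    printf '%s\tPRE-ACQUISITION\t%s\t%s\n' "$(utc_now)" "$target" "$line" \
        >> "$casedir/logs/custody.log"
}

# Acquire one file: timestamps first, then a timestamp-preserving copy, then
# hash both sides and reject the copy if they differ. The custody entry
# records who took it, what, when, from where, and the hash. Prints the hash.
acquire_file() {
    local casedir="$1" examiner="$2" src="$3" dst h_src h_dst
    dst="$casedir/evidence/$(basename -- "$src")"
    record_timestamps "$casedir" "$src"
    run_logged "$casedir" cp -p -- "$src" "$dst" || return 1
    h_src=$(sha256_of "$src")
    h_dst=$(sha256_of "$dst")
    if [ "$h_src" != "$h_dst" ]; then
        printf '%s\tHASH-MISMATCH\t%s\n' "$(utc_now)" "$src" \
            >> "$casedir/logs/custody.log"
        return 2
    fi
    printf '%s\tACQUIRED\tby=%s\tsrc=%s\tdst=%s\tsha256=%s\n' \
        "$(utc_now)" "$examiner" "$src" "$dst" "$h_dst" \
        >> "$casedir/logs/custody.log"
    printf '%s\n' "$h_dst"
}
```

Typical use is `casedir=$(init_case /mnt/evidence "$(case_name 0001 host-a "$(utc_now)")")` followed by one `acquire_file "$casedir" "$USER" /path/to/file` per item; every command goes through `run_logged` so the commands log, not memory, is the record of what was executed. Note that the evidence root should be on separate, sterile media and that nothing here is installed on the target disk, which is what the checklist requires.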
Each case is different, so in this section we describe actions taken in a real botnet infestation. The basic ideas will be the same as presented here, but the problem-solving aspect will vary significantly.

In this infestation we got our first indication of its existence when a server began scanning for other recruits. Using the investigative techniques described here, we found, over a period of four months, 200+ botnet clients that had not been detected by our network sensors. This infestation was either Rbot or Phatbot or both. Both of these botnet types use password-guessing attacks