Incident Response and Forensic Course Disk Image Cataloging Project Concepts and Deliverables.

Slides:



Advertisements
Similar presentations
Windows 7 Test Prep Ch 2 Part 3.
Advertisements

INSTALLING LINUX.  Identify the proper Hardware  Methods for installing Linux  Determine a purpose for the Linux Machine  Linux File Systems  Linux.
Linux Installation LINUX INSTALLATION. Download LINUX Linux Installation To install Red Hat, you will need to download the ISO images (CD Images) of the.
Linux+ Guide to Linux Certification, Second Edition
Windows Deployment Services WDS for Large Scale Enterprises and Small IT Shops Presented By: Ryan Drown Systems Administrator for Krannert.
Linux+ Guide to Linux Certification, Second Edition Chapter 3 Linux Installation and Usage.
Lesson 15 – INSTALL AND SET UP NETWARE 5.1. Understanding NetWare 5.1 Preparing for installation Installing NetWare 5.1 Configuring NetWare 5.1 client.
Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
11 INSTALLING WINDOWS XP Chapter 2. Chapter 2: Installing Windows XP2 INSTALLING WINDOWS XP  Prepare a computer for the installation of Microsoft Windows.
Pacific North West Honeynet Project Dave Dittrich The Information School University of Washington DIMACS Large Scale Attack Workshop, Sept. 23, 2003.
Manuka project IEEE IA Workshop June 10, Agenda Introduction Inspiration to Solution Manuka Use SE Approach Conclusion.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.
PNW Honeynet Overview. Agenda What is a Honeynet What is the PNW Honeynet Alliance Who is involved in the project Where to get more information.
MCITP: Microsoft Windows Vista Desktop Support - Enterprise Section 1: Prepare to Deploy.
Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Do MUCH More with Less Presented by: Jon Farley 2W Technologies.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 2 Installing Windows Server 2008.
 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.
Installation Ubuntu for Libraries. Step 1: Download Head on to Pick Ubuntu LTS; just click the big orange.
How to Install Windows 7.
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
Installing Linux Redhat: A how to guide in installing and configuring Redhat 6.2.
Machine Emulation & Developer Workstation Environment – Microsoft’s VirtualPC Dan Dyer Metrolist, Inc.
Capturing Computer Evidence Extracting Information.
Installing and Upgrading Windows. Any OS Provides the fundamental link between user and hardware We have to install an OS, not just copy files from one.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 12: Managing and Implementing Backups and Disaster Recovery.
Red Hat Installation. Installing Red Hat Linux is the process of copying operating system files from a CD, DVD, or USB flash drive to hard disk(s) on.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 14: Problem Recovery.
Hands-on: Capturing an Image with AccessData FTK Imager
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
Symantec Ghost Effective Disk Cloning Software. What is Ghost? “Ghost is a software product from Symantec that can clone (copy) the entire contents of.
Linux+ Guide to Linux Certification Chapter Three Linux Installation and Usage.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
WINDOWS XP PROFESSIONAL Bilal Munir Mughal Chapter-1 1.
F8-Noncommercial-Based Forensic Duplications Dr. John P. Abraham Professor UTPA.
11 INSTALLING WINDOWS XP PROFESSIONAL Chapter 2. Chapter 2: INSTALLING WINDOWS XP PROFESSIONAL2 OVERVIEW  Install Windows XP Professional  Upgrade from.
Guide to Linux Installation and Administration, 2e1 Chapter 3 Installing Linux.
A+ Guide to Managing and Maintaining Your PC Fifth Edition Chapter 15 Installing and Using Windows XP Professional.
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
IT Essentials 1 v4.0 Chapters 4 & 5 JEOPARDY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.
Day 4 Understanding Hardware Partitions Linux Boot Sequence.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 12: Managing and Implementing Backups and Disaster Recovery.
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 5 Windows XP Professional McGraw-Hill.
Installing Windows 2000 BY: Joshua Wilburn, Arnol Vaquero.
Module 1: Installing Microsoft Windows XP Professional.
Step By Step Windows Server 2003 Installation Guide Step By Step Windows Server 2003 Installation Guide.
W2K Server Installation It is very important that before you begin to install Windows 2000 Server, you must prepare for the installation by gathering specific.
Chapter 14 Supporting Windows 2000 Professional. 14 You Will Learn… n About the different operating systems within the Windows 2000 suite n About the.
Terminal Servers in Schools A second life for your older computers.
Data Science Background and Course Software setup Week 1.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Network Forensics - III November 3, 2008.
Chapter 8: Installing Linux The Complete Guide To Linux System Administration.
Hands-On Virtual Computing
 Contents 1.Introduction about operating system. 2. Minimum requirement for Windows 7 operating system. 3. Procedure to install Window 7 operating system.
HOW TO INSTALL WINDOWS 7? This step-by-step guide demonstrates how to install Windows 7 Ultimate. The guide is similar for other versions of Windows 7.
Hands-On Microsoft Windows Server 2008 Chapter 7 Configuring and Managing Data Storage.
Automating Installations by Using the Microsoft Windows 2000 Setup Manager Create setup scripts simply and easily. Create and modify answer files and UDFs.
Chapter 5 Server Installation NT Server Requirements NT Server File Systems Installation.
Windows XP Professional Installation Types ©Richard L. Goldman February 5, 2003.
Linux Introduction Linux was developed in the early 1990’s by Linus Torvald computer science student at the University of Helsinki Linux is distributed.
BY: SALMAN 1.
CompTIA Server+ Certification (Exam SK0-004)
DIT314 ~ Client Operating System & Administration
Red hat Installation 2 Live CD.
Create setup scripts simply and easily.
BY: SALMAN.
Effective Disk Cloning Software
Installing Linux Redhat:
WINDOW 7 INSTALLATION Prepared By:- Mr. Pawan Kumar
Presentation transcript:

Incident Response and Forensic Course Disk Image Cataloging Project Concepts and Deliverables

Major Goals Guide implementation of several GenII “Honeywalls” (honeynets) Capture images of compromised systems Enter these (and “clean” images) into a database for retrieval or comparison Implement a client/server in FIRE for loading these images onto systems over the network Implement some integrity checking functions in FIRE to simplify analysis

Honeynet Research Alliance “Pacific Northwest Honeynet Project” (?) Open to UW, SU, ISU (etc?) students Related to this project, but only as much as it benefits the project More hands/eyes to install, monitor, test… Network diversity Honeypot diversity Increased chances of “interesting” activity

Honeynets Locations: UW, SU, ISU networks Using new GenII “Honeywall CD-ROM” Intel PC with three NICs >20GB hard drive 512MB RAM Honeypots will be Windows 2000, Linux One or more honeypots per honeynet Start independent, then centralize logs later

Honeypots Preparation Entire drive written with zeros (no residue) Partitions as small as possible (minimize footprint in database and network transfer time) partitions on each drive Operating System “live” partition Image copy of OS (not mounted) Swap partition (if OS requires one) MD5 hash both OS partitions before going “live” (to verify integrity) MD5 hash all blocks (to find changes faster) [Automate using database & client/server]

Database Index on useful attributes OS type (e.g., Windows, Linux) OS version (e.g., Win2k, RH7.2) Services enabled Partitions used Partition sizes MD5/SHA1 hashes of partitions MD5/SHA1 hashes of blocks on OS partition Status (e.g., Clean, Compromised) Etc…

Front end Runs on custom FIRE CD User interface to database Client/server to manage bits on disk Upload bits on disk to database Hash partitions/blocks, gather attributes, etc. Chose image, prep drive, load Chose image, compare with bits on disk (detect changes since install)

Use in Forensic Course Lab Student boots lab system using custom FIRE CD Chooses which compromised system to analyze Bits loaded to disk, verified Student performs analysis, answers specific questions (which are compared with analysis in database) Repeat…

Use by Honeynet Alliance group Do once for each unique honeypot Zero drive Install/configure OS and services Reboot w/custom FIRE CD Hash partitions/blocks while loading into database From then on… Boot w/ custom FIRE CD Chose honeypot to clone Go get coffee/tea/Jolt while honeypot is cloned

Resources “The Use of Honeynets to Detect Exploited Systems Across Large Enterprise Networks” honeynet.pdf honeynet.pdf

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.