Charles Boeckman - MITRE Corporation
Forensic Analysis of Computer Compromises
Apr 02, 1999
Abstract
A key step between detecting an attack and reacting to an intrusion is understanding the attack and why it succeeded. Questions that must be investigated before a detected or suspected attack can be understood include: Who performed the attack? How did they perform it? What damage did it cause? To answer these questions, a compromised system must be examined to identify the evidence left behind by the attacker. Determining the nature of an attack reliably requires a systematic methodology. The MITRE Corporation has developed a methodology for investigating compromised systems. The results of this work include a Linux-based analysis tool that implements the methodology, called the Forensic Intrusion Analysis Tool (FIAT). The application, which is written in Perl, can be used in a networked environment where data related to a system compromise may exist on multiple hosts, such as a firewall or an intrusion detection system.