From Tim_Stiller@rapid7.com Wed May 27 18:52:58 2015
Date: Wed, 27 May 2015 17:44:02 +0000
From: Tim Stiller
To: "lss-pc@lists.linuxfoundation.org"
Subject: [lss-pc] CFP: Linux Incident Response

Paper Title: Linux Incident Response
Author: Mike Scutt and Tim Stiller
Topic Category: Linux, Incident Response

Abstract Text:

While Windows is still the dominating operating system, Linux has seen a steady increase of adoption by many organizations in both the private and public sectors. This adoption opens up new avenues to attackers and can increase the company's attack footprint if not properly hardened. Many companies commonly deploy these hosts without any hardening, patching or isolation from the Internet, resulting in unauthorized access and potential data loss.

Performing IR on a compromised Linux host involves the capture of volatile data (memory snapshots, processes, ports) and non-volatile data (log files, dropped files, file-based persistence). Analysis may also contain logs from proxies, intrusion detection systems and firewalls. In addition to forensic analysis, the responder must provide thorough documentation and a timeline of events based upon the completed analysis. With this data, the organization can begin the remediation process and incorporate better detections to further mitigate the threat.

Best Regards,
Tim Stiller | Consultant, Analytic Response

_______________________________________________
lss-pc mailing list
lss-pc@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/lss-pc
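The abstract above separates Linux IR collection into volatile data (processes, ports) and non-volatile data (logs, file-based persistence) and asks the responder to end with an integrity-backed timeline. The script below is an added illustration of that collection order, not code from the CFP or its authors: it snapshots processes and sockets first, copies logs and common persistence locations with timestamps preserved, hashes everything into a manifest, and derives a first mtime-ordered timeline from the copied files. The log and persistence paths are assumptions for a typical Debian/RHEL layout, and the script assumes GNU coreutils and procps; memory acquisition, which the abstract also lists, is out of scope here because it needs a kernel-specific tool.

```shell
#!/bin/sh
# Added example, not part of the CFP message: a minimal Linux IR triage
# collector for the two data classes the abstract names.
# Volatile data is snapshotted first because it changes the moment anyone
# acts on the host; non-volatile data is copied with timestamps preserved;
# everything is hashed into a manifest so later analysis can prove integrity.
# Paths below are assumptions for a typical Debian/RHEL layout.
# Assumes GNU coreutils (sha256sum, stat -c) and procps (ps).

collect_triage() {
    outdir="$1"
    mkdir -p "$outdir/volatile" "$outdir/nonvolatile"

    # Record when the snapshot was taken (UTC) so it can be placed on the timeline.
    date -u +%Y-%m-%dT%H:%M:%SZ > "$outdir/volatile/collected_at.txt"

    # Volatile: processes with parent, owner, elapsed time and full arguments;
    # listening/connected sockets with the owning process where the tool allows.
    ps -eo pid,ppid,user,etime,args > "$outdir/volatile/processes.txt" 2>/dev/null || true
    { ss -tulpn 2>/dev/null || netstat -tulpn 2>/dev/null; } > "$outdir/volatile/sockets.txt" || true

    # Non-volatile: auth/system logs and common file-based persistence points.
    # cp -p keeps modification times, which the timeline below depends on.
    for p in /var/log/auth.log /var/log/secure /var/log/syslog /var/log/messages \
             /etc/crontab /etc/cron.d /var/spool/cron /etc/rc.local \
             /etc/systemd/system /etc/ld.so.preload; do
        if [ -e "$p" ]; then
            cp -rp "$p" "$outdir/nonvolatile/" 2>/dev/null || true
        fi
    done

    # Manifest: SHA-256 of every collected file, sorted by path for stable diffs.
    ( cd "$outdir" && find . -type f ! -name manifest.sha256 -exec sha256sum {} + | sort -k 2 ) \
        > "$outdir/manifest.sha256"
    echo "$outdir/manifest.sha256"
}

# Number of files recorded in a manifest: a quick sanity check that the
# collection captured something before the host is touched any further.
manifest_entries() {
    wc -l < "$1" | tr -d ' '
}

# Simple mtime-ordered timeline of the non-volatile artifacts (timestamp then
# path), the starting point for the event timeline the responder has to produce.
build_timeline() {
    outdir="$1"
    find "$outdir/nonvolatile" -type f -exec stat -c '%y %n' {} + 2>/dev/null | sort \
        > "$outdir/timeline.txt" || true
    echo "$outdir/timeline.txt"
}

# Usage (as root on the affected host, writing to removable or remote storage):
#   collect_triage /mnt/evidence/host01-$(date -u +%Y%m%dT%H%M%SZ)
#   build_timeline /mnt/evidence/host01-<same stamp>
```

Because the manifest is sorted by path, two collections of the same host can be compared with a plain diff, and any file whose hash changes between the copy and the analysis workstation is immediately visible.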