Ensuring Data Integrity in Incident Response: Tools and Techniques for Forensically Sound Log Extraction
Colin Meek: Consultant, Stroz Friedberg DFIR
Stroz Friedberg

© 2025 Stroz Friedberg LLC. All rights reserved. Proprietary. Do not share, copy or use without the express permission of Stroz Friedberg, LLC.

Agenda
1. Why Log Quality Matters During DFIR Investigations
2. Building Log Collection Tools with APIs (Documented + Undocumented)
3. Verifying the Output of Log Collection Tools: Log Anomaly and Validity Analyzer (LAVA)

head colinMeek.lo
colinMeek.lo: No such file or directory
head colinMeek.log

Colin Meek
Consultant, Stroz Friedberg LLC
Digital Forensics and Incident Response
Washington, DC
UVA Computer Science
Cyber Security Background
Certs: GCFE, GCFA
Software Development
Penetration Testing
DFIR

Why Log Quality Matters During DFIR Investigations

Why Log Quality Matters During DFIR Investigations
Log sources: Email, VPN, Firewall, EDR, Cloud Platforms, Windows Event Logs, Linux Syslogs, Web Application

Source: AWS CloudTr