Added by on 2011-06-27

Lets pick up where we left off with the rootkit and post-exploitation video ( Except, we are now doing incident response. First you’ll see some normal live forensics on the victim and come up with nothing. Then we show how using network forensics techniques (looking at the victim from the outside) we start to see clear evidence of "doh! we’ve been owned". We walk through how to see these signs and prove to them that what Windows and traditional forensics is telling them is a LIE in this particular investigation. You’ll learn how to do this type of forensics technique and many more from our InfoSec Institute Computer Forensics Boot Camp:

Comments are closed.