![]() Many Intrusion Detection Systems and Firewalls offer the ability to download the PCAP of a falgged event. ![]() An enterprise grade installation is the same general idea but a very different discussion beyond the scope of this post. For an idea of how sensors are placed to gather network traffic check out my article, “Building a SIEM at Home”. Packet Capture (PCAP) files are tremendous resources for investigations when they are available. To Log Analysis: Malicious IP Addresses, Malicious Filenames.From Log Analysis: Malicious IP Addresses, Malicious Filenames.To Memory Analysis: Malicious IP Addresses, Malicious Filenames.From Memory Analysis: Malicious IP Addresses, Malicious Filenames.To Disk Analysis: Malicious IP Addresses, Malicious Filenames.From Disk Analysis: Malicious IP Addresses, Malicious Filenames.A great piece of software to take Screen Shots is Greenshot.A great note keeping App that teams can use to coordinate is OneNote.The reader should quickly understand what they’re looking at Examples: Highlights, Boxes, Arrows Text.Notes should be accompanied by screenshots that tell a story.Understand your own thinking later… or after sleep.This is for team mates to understand your thinking. ![]()
0 Comments
Leave a Reply. |