Welcome to Scribd!

POA Forensics

Uploaded by

0% found this document useful (0 votes)

7 views1 page

The document outlines the steps for investigating an infection detected on a device or server. It involves gathering information like the detection timeline and device logs. The investigation examines network logs to identify suspicious communications, validates domains and IPs using threat intelligence, and analyzes event, security, application and EDR logs to correlate events with network connections. For servers, it also involves analyzing WAF, application, server and firewall logs, and the registry and scheduled tasks for persistence. The final step is blocking all infection vectors to prevent spreading.

Original Description:

Original Title

POA-Forensics

Copyright

Available Formats

DOCX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

7 views1 page

POA Forensics

Uploaded by

sartlabs

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 1

Search inside document

A.

Information Gathering:
1) Investigation Requirement.
2) Exact Timeline of Infection detection.
3) Logs from the infected device
 Event Logs
 Firewall Logs
 EDR/AV Logs
4) In case of server
 Server Logs
 Firewall Logs
 Application Logs
 WAF Logs

B. Steps of Investigation:
1) In order to identify the suspicious communication over the network start with
examining Firewall Logs/Proxy Logs/Network Traffic Logs.
2) Based on analysis identify/determine the communication observed towards outside
of business domain on suspicious port.
3) Based on these logs enlist all the suspicious domain/IP address &validate them on
threat intel platforms.
4) It will help us to identify if any C2 communication is present.

C. Moving Forward will start investigating system Event Logs.

1) In system Event Logs we will try to correlate the events observed with respect to the
identified suspicious network connections.
2) We will analyse the system system security Logs to validate any system level security
changes are observed.
3) We will analyse system application logs
4) We will analyse system EDR logs.

D. Moving forward will start investigating Server

1) In case of Server we will analyse below mentioned logs
 WAF Logs
 Application Logs
 Server Logs
 Firewall/Network Logs
2) In order to Identify if any persistence will investigate registry key, scheduled task
3) Based on analysis report will enlist all threat vector and will block the same at
respective devices to prevent infection spreading.

Wireless and Mobile Hacking and Sniffing Techniques
From Everand
Wireless and Mobile Hacking and Sniffing Techniques
Dr. Hidaia Mahmood Alassouli
No ratings yet
Wireless Hacking Basics for Beginners
From Everand
Wireless Hacking Basics for Beginners
abilash vijaykumar
No ratings yet
Footprinting, Reconnaissance, Scanning and Enumeration Techniques of Computer Networks
From Everand
Footprinting, Reconnaissance, Scanning and Enumeration Techniques of Computer Networks
Dr. Hidaia Mahmood Alassouli
No ratings yet
Summary of Clifford Stoll's CUCKOO'S EGG
From Everand
Summary of Clifford Stoll's CUCKOO'S EGG
IRB Media
No ratings yet
Network Forensics: 6.1 The Purpose of Network Security
Document6 pages
Network Forensics: 6.1 The Purpose of Network Security
Shnshsns
No ratings yet
TCP IP Vulnerabilities
Document17 pages
TCP IP Vulnerabilities
Hemant Sudhir Wavhal
No ratings yet
CISA EXAM-Testing Concept-Firewall
From Everand
CISA EXAM-Testing Concept-Firewall
Hemang Doshi
Rating: 2.5 out of 5 stars
2.5/5 (2)
SOC Playbooks
Document13 pages
SOC Playbooks
MJ
100% (2)
Ransomware Infection Protection
Document14 pages
Ransomware Infection Protection
Hafiz Safwan
No ratings yet
Network Security Traceback Attack and React in the United States Department of Defense Network
From Everand
Network Security Traceback Attack and React in the United States Department of Defense Network
Edmond K. Machie
No ratings yet
Firewall: Visit For More Learning Resources
Document26 pages
Firewall: Visit For More Learning Resources
George JR Bagsao
No ratings yet
Linux Malware Incident Response: A Practitioner's Guide to Forensic Collection and Examination of Volatile Data: An Excerpt from Malware Forensic Field Guide for Linux Systems
From Everand
Linux Malware Incident Response: A Practitioner's Guide to Forensic Collection and Examination of Volatile Data: An Excerpt from Malware Forensic Field Guide for Linux Systems
Eoghan Casey
No ratings yet
How to Defeat Advanced Malware: New Tools for Protection and Forensics
From Everand
How to Defeat Advanced Malware: New Tools for Protection and Forensics
Henry Dalziel
No ratings yet
Network Scanning Techniques
Document17 pages
Network Scanning Techniques
jangdini
No ratings yet
Ccna Security
Document81 pages
Ccna Security
Brahim El-Asri
100% (1)
Cisco CCNA Security
Document85 pages
Cisco CCNA Security
PaoPound Homnual
No ratings yet
CISA Exam-Intrusion Detection System (IDS) & Intrusion Prevention System (IPS)-Domain 5
From Everand
CISA Exam-Intrusion Detection System (IDS) & Intrusion Prevention System (IPS)-Domain 5
Hemang Doshi
No ratings yet
Computer and Information Security Handbook
From Everand
Computer and Information Security Handbook
John R. Vacca
Rating: 2.5 out of 5 stars
2.5/5 (4)
Penetration Testing Fundamentals-2: Penetration Testing Study Guide To Breaking Into Systems
From Everand
Penetration Testing Fundamentals-2: Penetration Testing Study Guide To Breaking Into Systems
Devi Prasad
No ratings yet
Fundamentos de Seguridad de la Red
From Everand
Fundamentos de Seguridad de la Red
NUMA EDITORIAL
No ratings yet
1 Malware (AV) - Unresolved Malware Detected
Document9 pages
1 Malware (AV) - Unresolved Malware Detected
siemxpert
No ratings yet
CSE3502-Information Security Management Digital Assignment-2 Audit Report
Document13 pages
CSE3502-Information Security Management Digital Assignment-2 Audit Report
Shadow
No ratings yet
Broadband Network Virus Detection System Based On Bypass Monitor
Document4 pages
Broadband Network Virus Detection System Based On Bypass Monitor
John Gacheru
No ratings yet
CCNA Security Chapter 1 Assessment
Document5 pages
CCNA Security Chapter 1 Assessment
p6aes2008
100% (2)
CCNAS Chapter 1 CCNA Security 1
Document10 pages
CCNAS Chapter 1 CCNA Security 1
Sergiy Kalmuk
No ratings yet
Answer CCNA Security Chapter 1 Test - CCNAS v1.1: Probe, Penetrate, Persist, Propagate, and Paralyze
Document10 pages
Answer CCNA Security Chapter 1 Test - CCNAS v1.1: Probe, Penetrate, Persist, Propagate, and Paralyze
Franco Salerno
No ratings yet
24 25
Document20 pages
24 25
Marlon Campoverde
No ratings yet
24 25 Fusionado
Document164 pages
24 25 Fusionado
Marlon Campoverde
No ratings yet
Network Forensics Models For Converged Architectures: Ntroduction
Document7 pages
Network Forensics Models For Converged Architectures: Ntroduction
abdel_lak
No ratings yet
17514-2019-Winter-Model-Answer-Paper (Msbte Study Resources)
Document29 pages
17514-2019-Winter-Model-Answer-Paper (Msbte Study Resources)
aryasurve1210
No ratings yet
Cisco CCNA Security Chapter 1 Exam Answers
Document5 pages
Cisco CCNA Security Chapter 1 Exam Answers
stu3232
No ratings yet
System Security Questionnaire
Document2 pages
System Security Questionnaire
Abbas Haider
No ratings yet
003 Penetration Testing Report
Document10 pages
003 Penetration Testing Report
gurujm
No ratings yet
Practical List
Document2 pages
Practical List
hello
No ratings yet
Chapter 2 Cyber Offence and Cybercrime
Document37 pages
Chapter 2 Cyber Offence and Cybercrime
Bittu Deb
No ratings yet
CSA+ Review Questions
Document6 pages
CSA+ Review Questions
ewmbtrak
No ratings yet
Port Scans
Document7 pages
Port Scans
Lju Lju
No ratings yet
Network Security
Document17 pages
Network Security
Mahesh Sankpal
No ratings yet
9 Module 5 07 07 2023
Document90 pages
9 Module 5 07 07 2023
Shreya Rajpal
No ratings yet
Cisco CCNA Security, Chapter 1 Exam. Cisco CCNA Security, Chapter 1 Exam. Cisco CCNA Security, Chapter 1 Exam
Document54 pages
Cisco CCNA Security, Chapter 1 Exam. Cisco CCNA Security, Chapter 1 Exam. Cisco CCNA Security, Chapter 1 Exam
Alexa Jahen
No ratings yet
Prueba Cap 1 CCNA Security
Document11 pages
Prueba Cap 1 CCNA Security
Guillermo E Lobo P
No ratings yet
Splunk SOAR: Five Automation Use Cases For
Document13 pages
Splunk SOAR: Five Automation Use Cases For
Ayyansh&Amyrah Masurkar
No ratings yet
MuhammadNurKhawarizmi DTS
Document5 pages
MuhammadNurKhawarizmi DTS
Muhammad Nur Khawarizmi
No ratings yet
26 28
Document25 pages
26 28
Marlon Campoverde
No ratings yet
Network Forensics Part 2
Document10 pages
Network Forensics Part 2
SADRONU
No ratings yet
Overview of Vulnerability Scanning
Document4 pages
Overview of Vulnerability Scanning
Rohan Mehta
No ratings yet
BSC30923 - CyberSecurity Defence and Operations - CA4
Document7 pages
BSC30923 - CyberSecurity Defence and Operations - CA4
maheusperazzo
No ratings yet
Network Forensics
Document34 pages
Network Forensics
Rin Tohsaka
No ratings yet
CCNA Security Module 1 100%
Document4 pages
CCNA Security Module 1 100%
Akbal Larios
100% (1)
Volume 4 Issue 3 IJAIEM - Repaired - PDF
Document131 pages
Volume 4 Issue 3 IJAIEM - Repaired - PDF
International Journal of Application or Innovation in Engineering & Management
No ratings yet
CCNA Security - Chapter 1 Exam Answers
Document6 pages
CCNA Security - Chapter 1 Exam Answers
rockynaruto
0% (1)
Security Issues in Networks With Internet Access: Presented by Sri Vallabh Aida Janciragic Sashidhar Reddy
Document37 pages
Security Issues in Networks With Internet Access: Presented by Sri Vallabh Aida Janciragic Sashidhar Reddy
Harish Bedi
No ratings yet
OS Challanges and Security
Document5 pages
OS Challanges and Security
muhammad
No ratings yet
CS Exp1 201070080
Document22 pages
CS Exp1 201070080
Tanmay Navandar
No ratings yet
NETWORK SECURITY 2020/2021 Basic Theory: MODULE 9: Intrusion Detection System and Traffic Analysis
Document5 pages
NETWORK SECURITY 2020/2021 Basic Theory: MODULE 9: Intrusion Detection System and Traffic Analysis
Gilbert Parluhutan Siagian
No ratings yet
CCNA Security v2.0 Chapter 1 Exam Answers
Document5 pages
CCNA Security v2.0 Chapter 1 Exam Answers
Russell Fernandez
No ratings yet
Trusted Digital Circuits: Hardware Trojan Vulnerabilities, Prevention and Detection
From Everand
Trusted Digital Circuits: Hardware Trojan Vulnerabilities, Prevention and Detection
Hassan Salmani
No ratings yet
Hardware Supply Chain Security: Threat Modelling, Emerging Attacks and Countermeasures
From Everand
Hardware Supply Chain Security: Threat Modelling, Emerging Attacks and Countermeasures
Basel Halak
No ratings yet
Network Security
From Everand
Network Security
André Perez
No ratings yet
Managing Information Security
From Everand
Managing Information Security
John R. Vacca
No ratings yet