|
|
|
|
LEADER |
00000cam a2200000Ii 4500 |
001 |
SCIDIR_ocn949752822 |
003 |
OCoLC |
005 |
20231120112108.0 |
006 |
m o d |
007 |
cr |n||||||||| |
008 |
160512s2016 mau o 001 0 eng d |
040 |
|
|
|a YDXCP
|b eng
|e rda
|e pn
|c YDXCP
|d OPELS
|d OCLCF
|d N$T
|d COO
|d D6H
|d K6U
|d DEBSZ
|d LIV
|d U3W
|d OCLCA
|d VVB
|d EZ9
|d AU@
|d WYU
|d UKMGB
|d OCLCO
|d OCLCQ
|d OCLCO
|
015 |
|
|
|a GBB670176
|2 bnb
|
016 |
7 |
|
|a 017857237
|2 Uk
|
019 |
|
|
|a 958083936
|a 958392745
|
020 |
|
|
|a 9780128045039
|q (electronic bk.)
|
020 |
|
|
|a 0128045035
|q (electronic bk.)
|
020 |
|
|
|z 012804456X
|
020 |
|
|
|z 9780128044568
|
035 |
|
|
|a (OCoLC)949752822
|z (OCoLC)958083936
|z (OCoLC)958392745
|
050 |
|
4 |
|a QA76.9.A25
|
072 |
|
7 |
|a COM
|x 060040
|2 bisacsh
|
072 |
|
7 |
|a COM
|x 043050
|2 bisacsh
|
072 |
|
7 |
|a COM
|x 053000
|2 bisacsh
|
082 |
0 |
4 |
|a 005.8
|2 23
|
100 |
1 |
|
|a Bradley, Jaron,
|e author.
|
245 |
1 |
0 |
|a OS X incident response :
|b scripting and analysis /
|c Jaron Bradley.
|
264 |
|
1 |
|a Cambridge, MA :
|b Syngress Publishers is an imprint of Elsevier,
|c 2016.
|
300 |
|
|
|a 1 online resource.
|
336 |
|
|
|a text
|b txt
|2 rdacontent
|
337 |
|
|
|a computer
|b c
|2 rdamedia
|
338 |
|
|
|a online resource
|b cr
|2 rdacarrier
|
500 |
|
|
|a Includes index.
|
588 |
0 |
|
|a Online resource; title from PDF title page (ScienceDirect, viewed May 19, 2016).
|
504 |
|
|
|a Includes bibliographical references.
|
520 |
|
|
|a Written for analysts who are looking to expand their understanding of a lesser-known operating system, this book focuses exclusively on OS X attacks, incident response, and forensics, and covers a wide variety of topics, including both the collection and analysis of the forensic pieces found on the OS. --
|c Edited summary from book.
|
505 |
0 |
|
|a Cover; Title Page; Copyright Page; Contents; Acknowledgments ; Chapter 1 -- Introduction; Is there really a threat to OS X?; What is OS X; The XNU Kernel; Digging Deeper; Requirements; Forensically sound versus incident response; Incident Response Process; The Kill Chain; Applying the Killchain; Analysis environment; Malware Scenario; Chapter 2 -- Incident Response Basics; Introduction; Picking a language; Python; Ruby; Bash; Root versus nonroot; Yara; Basic Commands for Every Day Analysis; grep; egrep; cut; awk; sed; sort; uniq; Starting an IR Script; Collection; Analysis; Analysis Scripts.
|
505 |
8 |
|
|a Yarafly.sh; Yara Results Sorted and Counted; Conclusion; Chapter 3 -- Bash Commands; Introduction; Basic Bash commands; System Info; date; hostname; uptime; sw_vers; uname (-a); spctl (--status); bash -version; Who Info; whoami; who; w; finger (-m); last (); screen (-ls) (-x); User information; id; groups; printenv; dscl . -ls /Users; Process Information; ps (aux); Network Information; ifconfig; netstat (-ru) (-an); lsof (-p ) (-i); smbutil (statshares -a); arp (-a); security dump-trust-settings (-s) (-d); networksetup; System startup; launchctl list; crontab -l; atq; kextstat.
|
505 |
8 |
|
|a Additional Commands; mdfind (-name) (-onlyin); sysctl (-a); history; security list-keychains; nvram; du -h; diskutil list; Miscellaneous; codesign (-d) (-vv); file; md5; tcpdump; printenv; nettop (-m); DTrace; Bash Environment Variables; Scripting the Collection; Analysis; Conclusion; Chapter 4 -- File System; Introduction; Brief history; HFS+ overview; Volume Header; Allocation File; Catalog File; Attributes B-Tree; Inodes, Timestamps, Permissions, and Ownership; Inodes; Timestamps; Timestamps for Files; Timestamps for Folders; Permissions; Special File Permissions; Directory Permissions.
|
505 |
8 |
|
|a Sticky Bit; Extended Attributes; Access Control Lists; Resource Forks; File Types and Traits; OS X Specific File Extensions; .dmg; .kext; .plist; .app; .dylib; .pkg; Mach-O binary; Popular Scripting Languages Found on OS X; File Hierarchy Layout; /Applications; /Library; /System; /Users; /Volumes; /.vol; /bin; /usr; /cores; /sbin; /dev; /etc; /tmp; /private; /var; Miscellaneous Files; Hidden Files and Directories; .DS_Store; .Spotlight-V100; .metadata_never_index; .noindex; File Artifacts; Logs and Rotation; Key File Artifacts.
|
630 |
0 |
0 |
|a Mac OS.
|
650 |
|
0 |
|a Computer security.
|
650 |
|
0 |
|a Intrusion detection systems (Computer security)
|
650 |
|
0 |
|a Computer crimes
|x Investigation.
|
650 |
|
6 |
|a Sécurité informatique.
|0 (CaQQLa)201-0061152
|
650 |
|
6 |
|a Systèmes de détection d'intrusion (Sécurité informatique)
|0 (CaQQLa)000265106
|
650 |
|
6 |
|a Criminalité informatique
|x Enquêtes.
|0 (CaQQLa)201-0278229
|
650 |
|
7 |
|a COMPUTERS
|x Security
|x Online Safety & Privacy.
|2 bisacsh
|
650 |
|
7 |
|a COMPUTERS
|x Security
|x Networking.
|2 bisacsh
|
650 |
|
7 |
|a COMPUTERS
|x Security
|x General.
|2 bisacsh
|
630 |
0 |
7 |
|a Mac OS
|2 fast
|0 (OCoLC)fst01386304
|
650 |
|
7 |
|a Computer crimes
|x Investigation
|2 fast
|0 (OCoLC)fst00872065
|
650 |
|
7 |
|a Computer security
|2 fast
|0 (OCoLC)fst00872484
|
650 |
|
7 |
|a Intrusion detection systems (Computer security)
|2 fast
|0 (OCoLC)fst01762593
|
776 |
0 |
8 |
|i Print version:
|z 012804456X
|z 9780128044568
|w (OCoLC)944209939
|
856 |
4 |
0 |
|u https://sciencedirect.uam.elogim.com/science/book/9780128044568
|z Full text
|