Hide search box
Advanced search
Book
Cover
(0)
Content preview Show table of contents
(incl. VAT) Net price: PLN
Purchase form
To cart

OS X Incident Response

Scripting and Analysis

Authors: Jaron Bradley Publisher: Elsevier Science Publication date: 2016 Publication language: Angielski Number of pages: 276 Publication formats: EAN: 9780128045039 ISBN: 9780128045039 Category: Computer security Operating systems Publisher's index: 9780128045039 Bibliographic note: Jaron Bradley has a background in host-based incident response and forensics. He entered the information security field as an incident responder immediately after graduating from Eastern Michigan University, where he received his degree in Information Assurance. He now works as a Senior Intrusion Analyst, with a focus on OS X and Linux based attacks.

Description

OS X Incident Response: Scripting and Analysis is written for analysts who are looking to expand their understanding of a lesser-known operating system. By mastering the forensic artifacts of OS X, analysts will set themselves apart by acquiring an up-and-coming skillset.

Digital forensics is a critical art and science. While forensics is commonly thought of as a function of a legal investigation, the same tactics and techniques used for those investigations are also important in a response to an incident. Digital evidence is not only critical in the course of investigating many crimes but businesses are recognizing the importance of having skilled forensic investigators on staff in the case of policy violations.

Perhaps more importantly, though, businesses are seeing enormous impact from malware outbreaks as well as data breaches. The skills of a forensic investigator are critical to determine the source of the attack as well as the impact. While there is a lot of focus on Windows because it is the predominant desktop operating system, there are currently very few resources available for forensic investigators on how to investigate attacks, gather evidence and respond to incidents involving OS X. The number of Macs on enterprise networks is rapidly increasing, especially with the growing prevalence of BYOD, including iPads and iPhones.

Author Jaron Bradley covers a wide variety of topics, including both the collection and analysis of the forensic pieces found on the OS. Instead of using expensive commercial tools that clone the hard drive, you will learn how to write your own Python and bash-based response scripts. These scripts and methodologies can be used to collect and analyze volatile data immediately.

For online source codes, please visit:

https://github.com/jbradley89/osx_incident_response_scripting_and_analysis

  • Focuses exclusively on OS X attacks, incident response, and forensics
  • Provides the technical details of OS X so you can find artifacts that might be missed using automated tools
  • Describes how to write your own Python and bash-based response scripts, which can be used to collect and analyze volatile data immediately
  • Covers OS X incident response in complete technical detail, including file system, system startup and scheduling, password dumping, memory, volatile data, logs, browser history, and exfiltration

TOC

  • Cover 2
  • Title Page 5
  • Copyright Page 6
  • Contents 7
  • Acknowledgments 11
  • Chapter 1 - Introduction 13
    • Is there really a threat to OS X? 13
    • What is OS X 14
    • The XNU Kernel 15
    • Digging Deeper 15
    • Requirements 16
    • Forensically sound versus incident response 16
    • Incident Response Process 16
    • The Kill Chain 18
    • Applying the Killchain 20
Show more

Author's affiliation

Jaron Bradley: Senior Intrusion Analyst, CrowdStrike