OS X incident response : scripting and analysis / (Record no. 247331)
| 000 -LEADER | |
|---|---|
| fixed length control field | 04942cam a2200613Ii 4500 |
| 001 - CONTROL NUMBER | |
| control field | ocn949752822 |
| 003 - CONTROL NUMBER IDENTIFIER | |
| control field | OCoLC |
| 005 - DATE AND TIME OF LATEST TRANSACTION | |
| control field | 20190328114815.0 |
| 006 - FIXED-LENGTH DATA ELEMENTS--ADDITIONAL MATERIAL CHARACTERISTICS | |
| fixed length control field | m o d |
| 007 - PHYSICAL DESCRIPTION FIXED FIELD--GENERAL INFORMATION | |
| fixed length control field | cr \|n\|\|\|\|\|\|\|\|\| |
| 008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
| fixed length control field | 160512s2016 mau o 001 0 eng d |
| 040 ## - CATALOGING SOURCE | |
| Original cataloging agency | YDXCP |
| Language of cataloging | eng |
| Description conventions | rda |
| -- | pn |
| Transcribing agency | YDXCP |
| Modifying agency | OPELS |
| -- | OCLCF |
| -- | N$T |
| -- | COO |
| -- | D6H |
| -- | K6U |
| -- | DEBSZ |
| -- | LIV |
| -- | U3W |
| -- | OCLCA |
| -- | VVB |
| -- | EZ9 |
| -- | AU@ |
| -- | WYU |
| 019 ## - | |
| -- | 958083936 |
| -- | 958392745 |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
| International Standard Book Number | 9780128045039 |
| Qualifying information | (electronic bk.) |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
| International Standard Book Number | 0128045035 |
| Qualifying information | (electronic bk.) |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
| Canceled/invalid ISBN | 012804456X |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
| Canceled/invalid ISBN | 9780128044568 |
| 035 ## - SYSTEM CONTROL NUMBER | |
| System control number | (OCoLC)949752822 |
| Canceled/invalid control number | (OCoLC)958083936 |
| -- | (OCoLC)958392745 |
| 050 #4 - LIBRARY OF CONGRESS CALL NUMBER | |
| Classification number | QA76.9.A25 |
| 072 #7 - SUBJECT CATEGORY CODE | |
| Subject category code | COM |
| Subject category code subdivision | 060040 |
| Source | bisacsh |
| 072 #7 - SUBJECT CATEGORY CODE | |
| Subject category code | COM |
| Subject category code subdivision | 043050 |
| Source | bisacsh |
| 072 #7 - SUBJECT CATEGORY CODE | |
| Subject category code | COM |
| Subject category code subdivision | 053000 |
| Source | bisacsh |
| 082 04 - DEWEY DECIMAL CLASSIFICATION NUMBER | |
| Classification number | 005.8 |
| Edition number | 23 |
| 100 1# - MAIN ENTRY--PERSONAL NAME | |
| Personal name | Bradley, Jaron, |
| Relator term | author. |
| 245 10 - TITLE STATEMENT | |
| Title | OS X incident response : scripting and analysis / |
| Medium | [electronic resource] |
| Statement of responsibility, etc. | Jaron Bradley. |
| 264 #1 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE | |
| Place of production, publication, distribution, manufacture | Cambridge, MA : |
| Name of producer, publisher, distributor, manufacturer | Syngress Publishers is an imprint of Elsevier, |
| Date of production, publication, distribution, manufacture, or copyright notice | 2016. |
| 300 ## - PHYSICAL DESCRIPTION | |
| Extent | 1 online resource. |
| 336 ## - CONTENT TYPE | |
| Content type term | text |
| Content type code | txt |
| Source | rdacontent |
| 337 ## - MEDIA TYPE | |
| Media type term | computer |
| Media type code | c |
| Source | rdamedia |
| 338 ## - CARRIER TYPE | |
| Carrier type term | online resource |
| Carrier type code | cr |
| Source | rdacarrier |
| 500 ## - GENERAL NOTE | |
| General note | Includes index. |
| 588 0# - SOURCE OF DESCRIPTION NOTE | |
| Source of description note | Online resource; title from PDF title page (ScienceDirect, viewed May 19, 2016). |
| 504 ## - BIBLIOGRAPHY, ETC. NOTE | |
| Bibliography, etc | Includes bibliographical references. |
| 520 ## - SUMMARY, ETC. | |
| Summary, etc. | Written for analysts who are looking to expand their understanding of a lesser-known operating system, this book focuses exclusively on OS X attacks, incident response, and forensics, and covers a wide variety of topics, including both the collection and analysis of the forensic pieces found on the OS. -- |
| Assigning source | Edited summary from book. |
| 505 0# - FORMATTED CONTENTS NOTE | |
| Formatted contents note | Cover; Title Page; Copyright Page; Contents; Acknowledgments ; Chapter 1 -- Introduction; Is there really a threat to OS X?; What is OS X; The XNU Kernel; Digging Deeper; Requirements; Forensically sound versus incident response; Incident Response Process; The Kill Chain; Applying the Killchain; Analysis environment; Malware Scenario; Chapter 2 -- Incident Response Basics; Introduction; Picking a language; Python; Ruby; Bash; Root versus nonroot; Yara; Basic Commands for Every Day Analysis; grep; egrep; cut; awk; sed; sort; uniq; Starting an IR Script; Collection; Analysis; Analysis Scripts. |
| 505 8# - FORMATTED CONTENTS NOTE | |
| Formatted contents note | Yarafly.sh; Yara Results Sorted and Counted; Conclusion; Chapter 3 -- Bash Commands; Introduction; Basic Bash commands; System Info; date; hostname; uptime; sw_vers; uname (-a); spctl (--status); bash -version; Who Info; whoami; who; w; finger (-m); last (); screen (-ls) (-x); User information; id; groups; printenv; dscl . -ls /Users; Process Information; ps (aux); Network Information; ifconfig; netstat (-ru) (-an); lsof (-p ) (-i); smbutil (statshares -a); arp (-a); security dump-trust-settings (-s) (-d); networksetup; System startup; launchctl list; crontab -l; atq; kextstat. |
| 505 8# - FORMATTED CONTENTS NOTE | |
| Formatted contents note | Additional Commands; mdfind (-name) (-onlyin); sysctl (-a); history; security list-keychains; nvram; du -h; diskutil list; Miscellaneous; codesign (-d) (-vv); file; md5; tcpdump; printenv; nettop (-m); DTrace; Bash Environment Variables; Scripting the Collection; Analysis; Conclusion; Chapter 4 -- File System; Introduction; Brief history; HFS+ overview; Volume Header; Allocation File; Catalog File; Attributes B-Tree; Inodes, Timestamps, Permissions, and Ownership; Inodes; Timestamps; Timestamps for Files; Timestamps for Folders; Permissions; Special File Permissions; Directory Permissions. |
| 505 8# - FORMATTED CONTENTS NOTE | |
| Formatted contents note | Sticky Bit; Extended Attributes; Access Control Lists; Resource Forks; File Types and Traits; OS X Specific File Extensions; .dmg; .kext; .plist; .app; .dylib; .pkg; Mach-O binary; Popular Scripting Languages Found on OS X; File Hierarchy Layout; /Applications; /Library; /System; /Users; /Volumes; /.vol; /bin; /usr; /cores; /sbin; /dev; /etc; /tmp; /private; /var; Miscellaneous Files; Hidden Files and Directories; .DS_Store; .Spotlight-V100; .metadata_never_index; .noindex; File Artifacts; Logs and Rotation; Key File Artifacts. |
| 630 00 - SUBJECT ADDED ENTRY--UNIFORM TITLE | |
| Uniform title | Mac OS. |
| 630 07 - SUBJECT ADDED ENTRY--UNIFORM TITLE | |
| Uniform title | Mac OS. |
| Source of heading or term | fast |
| Authority record control number | (OCoLC)fst01386304 |
| 650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | COMPUTERS |
| General subdivision | Security |
| -- | Online Safety & Privacy. |
| Source of heading or term | bisacsh |
| 650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | COMPUTERS |
| General subdivision | Security |
| -- | Networking. |
| Source of heading or term | bisacsh |
| 650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | COMPUTERS |
| General subdivision | Security |
| -- | General. |
| Source of heading or term | bisacsh |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | Computer security. |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | Intrusion detection systems (Computer security) |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | Computer crimes |
| General subdivision | Investigation. |
| 650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | Computer crimes |
| General subdivision | Investigation. |
| Source of heading or term | fast |
| Authority record control number | (OCoLC)fst00872065 |
| 650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | Computer security. |
| Source of heading or term | fast |
| Authority record control number | (OCoLC)fst00872484 |
| 650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | Intrusion detection systems (Computer security) |
| Source of heading or term | fast |
| Authority record control number | (OCoLC)fst01762593 |
| 655 #4 - INDEX TERM--GENRE/FORM | |
| Genre/form data or focus term | Electronic books. |
| 655 #0 - INDEX TERM--GENRE/FORM | |
| Genre/form data or focus term | Electronic books. |
| 776 08 - ADDITIONAL PHYSICAL FORM ENTRY | |
| Relationship information | Print version: |
| International Standard Book Number | 012804456X |
| -- | 9780128044568 |
| Record control number | (OCoLC)944209939 |
| 856 40 - ELECTRONIC LOCATION AND ACCESS | |
| Materials specified | ScienceDirect |
| Uniform Resource Identifier | http://www.sciencedirect.com/science/book/9780128044568 |
