Dhaka University Library Online

Your cart is empty.
Library Logo
Normal view MARC view ISBD view

OS X incident response : scripting and analysis / [electronic resource]

by Bradley, Jaron [author.].
Material type: materialTypeLabelBookPublisher: Cambridge, MA : Syngress Publishers is an imprint of Elsevier, 2016.Description: 1 online resource.ISBN: 9780128045039; 0128045035.Subject(s): Mac OS | Mac OS | COMPUTERS -- Security -- Online Safety & Privacy | COMPUTERS -- Security -- Networking | COMPUTERS -- Security -- General | Computer security | Intrusion detection systems (Computer security) | Computer crimes -- Investigation | Computer crimes -- Investigation | Computer security | Intrusion detection systems (Computer security) | Electronic books | Electronic booksOnline resources: ScienceDirect
Contents:
Cover; Title Page; Copyright Page; Contents; Acknowledgments ; Chapter 1 -- Introduction; Is there really a threat to OS X?; What is OS X; The XNU Kernel; Digging Deeper; Requirements; Forensically sound versus incident response; Incident Response Process; The Kill Chain; Applying the Killchain; Analysis environment; Malware Scenario; Chapter 2 -- Incident Response Basics; Introduction; Picking a language; Python; Ruby; Bash; Root versus nonroot; Yara; Basic Commands for Every Day Analysis; grep; egrep; cut; awk; sed; sort; uniq; Starting an IR Script; Collection; Analysis; Analysis Scripts.
Yarafly.shYara Results Sorted and Counted; Conclusion; Chapter 3 -- Bash Commands; Introduction; Basic Bash commands; System Info; date; hostname; uptime; sw_vers; uname (-a); spctl ( -- status); bash -version; Who Info; whoami; who; w; finger (-m); last (); screen (-ls) (-x); User information; id; groups; printenv; dscl . -ls /Users; Process Information; ps (aux); Network Information; ifconfig; netstat (-ru) (-an); lsof (-p ) (-i); smbutil (statshares -a); arp (-a); security dump-trust-settings (-s) (-d); networksetup; System startup; launchctl list; crontab -l; atq; kextstat.
Additional Commandsmdfind (-name) (-onlyin); sysctl (-a); history; security list-keychains; nvram; du -h; diskutil list; Miscellaneous; codesign (-d) (-vv); file; md5; tcpdump; printenv; nettop (-m); DTrace; Bash Environment Variables; Scripting the Collection; Analysis; Conclusion; Chapter 4 -- File System; Introduction; Brief history; HFS+ overview; Volume Header; Allocation File; Catalog File; Attributes B-Tree; Inodes, Timestamps, Permissions, and Ownership; Inodes; Timestamps; Timestamps for Files; Timestamps for Folders; Permissions; Special File Permissions; Directory Permissions.
Sticky BitExtended Attributes; Access Control Lists; Resource Forks; File Types and Traits; OS X Specific File Extensions; .dmg; .kext; .plist; .app; .dylib; .pkg; Mach-O binary; Popular Scripting Languages Found on OS X; File Hierarchy Layout; /Applications; /Library; /System; /Users; /Volumes; /.vol; /bin; /usr; /cores; /sbin; /dev; /etc; /tmp; /private; /var; Miscellaneous Files; Hidden Files and Directories; .DS_Store; .Spotlight-V100; .metadata_never_index; .noindex; File Artifacts; Logs and Rotation; Key File Artifacts.
Summary: Written for analysts who are looking to expand their understanding of a lesser-known operating system, this book focuses exclusively on OS X attacks, incident response, and forensics, and covers a wide variety of topics, including both the collection and analysis of the forensic pieces found on the OS. -- Edited summary from book.
Tags from this library: No tags from this library for this title. Add tag(s)
Log in to add tags.
    average rating: 0.0 (0 votes)
No physical items for this record

Includes index.

Online resource; title from PDF title page (ScienceDirect, viewed May 19, 2016).

Includes bibliographical references.

Written for analysts who are looking to expand their understanding of a lesser-known operating system, this book focuses exclusively on OS X attacks, incident response, and forensics, and covers a wide variety of topics, including both the collection and analysis of the forensic pieces found on the OS. -- Edited summary from book.

Cover; Title Page; Copyright Page; Contents; Acknowledgments ; Chapter 1 -- Introduction; Is there really a threat to OS X?; What is OS X; The XNU Kernel; Digging Deeper; Requirements; Forensically sound versus incident response; Incident Response Process; The Kill Chain; Applying the Killchain; Analysis environment; Malware Scenario; Chapter 2 -- Incident Response Basics; Introduction; Picking a language; Python; Ruby; Bash; Root versus nonroot; Yara; Basic Commands for Every Day Analysis; grep; egrep; cut; awk; sed; sort; uniq; Starting an IR Script; Collection; Analysis; Analysis Scripts.

Yarafly.shYara Results Sorted and Counted; Conclusion; Chapter 3 -- Bash Commands; Introduction; Basic Bash commands; System Info; date; hostname; uptime; sw_vers; uname (-a); spctl ( -- status); bash -version; Who Info; whoami; who; w; finger (-m); last (); screen (-ls) (-x); User information; id; groups; printenv; dscl . -ls /Users; Process Information; ps (aux); Network Information; ifconfig; netstat (-ru) (-an); lsof (-p ) (-i); smbutil (statshares -a); arp (-a); security dump-trust-settings (-s) (-d); networksetup; System startup; launchctl list; crontab -l; atq; kextstat.

Additional Commandsmdfind (-name) (-onlyin); sysctl (-a); history; security list-keychains; nvram; du -h; diskutil list; Miscellaneous; codesign (-d) (-vv); file; md5; tcpdump; printenv; nettop (-m); DTrace; Bash Environment Variables; Scripting the Collection; Analysis; Conclusion; Chapter 4 -- File System; Introduction; Brief history; HFS+ overview; Volume Header; Allocation File; Catalog File; Attributes B-Tree; Inodes, Timestamps, Permissions, and Ownership; Inodes; Timestamps; Timestamps for Files; Timestamps for Folders; Permissions; Special File Permissions; Directory Permissions.

Sticky BitExtended Attributes; Access Control Lists; Resource Forks; File Types and Traits; OS X Specific File Extensions; .dmg; .kext; .plist; .app; .dylib; .pkg; Mach-O binary; Popular Scripting Languages Found on OS X; File Hierarchy Layout; /Applications; /Library; /System; /Users; /Volumes; /.vol; /bin; /usr; /cores; /sbin; /dev; /etc; /tmp; /private; /var; Miscellaneous Files; Hidden Files and Directories; .DS_Store; .Spotlight-V100; .metadata_never_index; .noindex; File Artifacts; Logs and Rotation; Key File Artifacts.

There are no comments for this item.

Log in to your account to post a comment.
Last Updated on September 15, 2019
© Dhaka University Library. All Rights Reserved|Staff Login