NT Network Security Specialist, NT Objectives. Presented at Blackhat USA 1999

by JD Glaser

Tags: Security Auditing

Summary: Auditing NT - Catching Greg Hoglund
This talk will address the issue of auditing an NT box after a break-in. Specifically, we will examine the evidence left behind by an intruder and how to preserve this evidence for criminal prosecution. NT's built-in tools are not sufficient and can damage what you are looking for. I will present a tutorial on using a few free tools I have made specifically for this purpose.
The demonstration will make use of multiple overheads displaying the auditing notes and actual step-by-step details of a break-in. Details will include:
* Examining the event log in an enlightened way.
* Looking at the file system configuration.
* Examining permissions.
* Examining file attributes.
* Examining surrounding systems.
* Looking for trojan behavior.
* Looking for backdoors.
* Closing down the holes.
Again, the focus will be on looking at this data in a non-destructive manner. Hope to see you there.