The term "live response" is being heard more and more frequently, but what exactly is it, and how does it differ from traditional forensics?
Live response and traditional forensics have a lot in common: both look for similar artifacts on a system. The differentiator with live response is that the artifacts are discovered on a live, running system. In traditional forensics, images of volatile memory and disks are taken before any analysis begins. Imaging alone can take hours, and the images then need to be processed and indexed before keyword searches are possible. With a large disk, acquiring and processing the image can easily take a day. With live response there is no imaging or processing step at all; everything happens in real time. This dramatically shortens the time needed to identify and quantify a threat, and the quicker the threat is identified, the quicker it can be contained and remediated.