Intrusion Auditing Under Windows NT

Explore intrusion auditing techniques for Windows NT systems in this 43-minute Black Hat USA 1999 conference talk by JD Glaser. Learn how to effectively examine and preserve evidence left behind by intruders for potential criminal prosecution. Discover the limitations of NT's built-in tools and gain insights into using specialized free tools designed for non-destructive auditing. Follow a step-by-step demonstration covering key aspects of post-break-in analysis, including event log examination, file system configuration assessment, permission and file attribute analysis, surrounding system inspection, trojan behavior detection, backdoor identification, and vulnerability mitigation. Enhance your ability to conduct thorough and forensically sound intrusion audits on Windows NT environments.