Explore intrusion auditing techniques for Windows NT systems in this 43-minute Black Hat USA 1999 conference talk by JD Glaser. Learn how to effectively examine and preserve evidence left behind by intruders for potential criminal prosecution. Discover the limitations of NT's built-in tools and gain insights into using specialized free tools designed for non-destructive auditing. Follow a step-by-step demonstration covering key aspects of post-break-in analysis, including event log examination, file system configuration assessment, permission and file attribute analysis, surrounding system inspection, trojan behavior detection, backdoor identification, and vulnerability mitigation. Enhance your ability to conduct thorough and forensically sound intrusion audits on Windows NT environments.
Syllabus
Black Hat USA 1999 - Intrusion Auditing Under Windows NT
Taught by
Black Hat