Latest COVID-19 Information for Purdue University

The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Charles Boeckman - MITRE Corporation

"Forensic Analysis of Computer Compromises"

Apr 02, 1999

Abstract

A key step between detecting an attack and reacting to an intrusion is understanding the attack and why it is successful. Questions that must be investigated before a detected or suspected attack can be understood include: Who performed the attack? How did they perform the attack? What damage was caused by the attack? To answer these questions, a compromised system must be examined to identify evidence left behind by the attacker. To be successful at determining the nature of an attack, a systematic methodology must be identified. The MITRE Corporation has developed a methodology for use in investigating compromised systems. The results of this work include a Linux based analysis tool that implement the methodology called the Forensic Intrusion Analysis Tool (FIAT). The application, which is written in PERL, can be used in a networked environment where data related to a system compromise may exist on multiple hosts such as a firewall or an intrusion detection system.

About the Speaker

Charles Boeckman
Chuck Boeckman is a Lead Information Systems Security Engineer with the MITRE Corporation. He has a B. S. in Electrical Engineering from Southern Illinois University, and has been working in information security for over 9 years. His work includes the installation of firewalls and intrusion detection systems, performing vulnerability assessments, and analyzing system compromises. He is task lead for MITRE's research in the area of computer forensic analysis. Prior to joining MITRE, Chuck spent 10 years in the US Air Force with assignments at the National Security Agency and the Air Force Information Warfare Center.

Unless otherwise noted, the security Fall and Spring seminar series is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...

Ways to Watch

YouTube

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!