| Description |
1 online resource. |
|
text txt rdacontent |
|
computer c rdamedia |
|
online resource cr rdacarrier |
| Note |
Includes index. |
|
Online resource; title from PDF title page (ScienceDirect, viewed May 19, 2016). |
| Bibliography |
Includes bibliographical references. |
| Summary |
Written for analysts who are looking to expand their understanding of a lesser-known operating system, this book focuses exclusively on OS X attacks, incident response, and forensics, and covers a wide variety of topics, including both the collection and analysis of the forensic pieces found on the OS. -- Edited summary from book. |
| Contents |
Cover; Title Page; Copyright Page; Contents; Acknowledgments ; Chapter 1 -- Introduction; Is there really a threat to OS X?; What is OS X; The XNU Kernel; Digging Deeper; Requirements; Forensically sound versus incident response; Incident Response Process; The Kill Chain; Applying the Killchain; Analysis environment; Malware Scenario; Chapter 2 -- Incident Response Basics; Introduction; Picking a language; Python; Ruby; Bash; Root versus nonroot; Yara; Basic Commands for Every Day Analysis; grep; egrep; cut; awk; sed; sort; uniq; Starting an IR Script; Collection; Analysis; Analysis Scripts. |
|
Yarafly.shYara Results Sorted and Counted; Conclusion; Chapter 3 -- Bash Commands; Introduction; Basic Bash commands; System Info; date; hostname; uptime; sw_vers; uname (-a); spctl ( -- status); bash -version; Who Info; whoami; who; w; finger (-m); last (); screen (-ls) (-x); User information; id; groups; printenv; dscl . -ls /Users; Process Information; ps (aux); Network Information; ifconfig; netstat (-ru) (-an); lsof (-p ) (-i); smbutil (statshares -a); arp (-a); security dump-trust-settings (-s) (-d); networksetup; System startup; launchctl list; crontab -l; atq; kextstat. |
|
Additional Commandsmdfind (-name) (-onlyin); sysctl (-a); history; security list-keychains; nvram; du -h; diskutil list; Miscellaneous; codesign (-d) (-vv); file; md5; tcpdump; printenv; nettop (-m); DTrace; Bash Environment Variables; Scripting the Collection; Analysis; Conclusion; Chapter 4 -- File System; Introduction; Brief history; HFS+ overview; Volume Header; Allocation File; Catalog File; Attributes B-Tree; Inodes, Timestamps, Permissions, and Ownership; Inodes; Timestamps; Timestamps for Files; Timestamps for Folders; Permissions; Special File Permissions; Directory Permissions. |
|
Sticky BitExtended Attributes; Access Control Lists; Resource Forks; File Types and Traits; OS X Specific File Extensions; .dmg; .kext; .plist; .app; .dylib; .pkg; Mach-O binary; Popular Scripting Languages Found on OS X; File Hierarchy Layout; /Applications; /Library; /System; /Users; /Volumes; /.vol; /bin; /usr; /cores; /sbin; /dev; /etc; /tmp; /private; /var; Miscellaneous Files; Hidden Files and Directories; .DS_Store; .Spotlight-V100; .metadata_never_index; .noindex; File Artifacts; Logs and Rotation; Key File Artifacts. |
| Subject |
Mac OS.
|
|
Mac OS
|
|
Computer security.
|
|
Intrusion detection systems (Computer security)
|
|
Computer crimes -- Investigation.
|
|
Sécurité informatique.
|
|
Systèmes de détection d'intrusion (Sécurité informatique)
|
|
Criminalité informatique -- Enquêtes.
|
|
COMPUTERS -- Security -- Online Safety & Privacy.
|
|
COMPUTERS -- Security -- Networking.
|
|
COMPUTERS -- Security -- General.
|
|
Computer crimes -- Investigation
|
|
Computer security
|
|
Intrusion detection systems (Computer security)
|
| Other Form: |
Print version: 012804456X 9780128044568 (OCoLC)944209939 |
| ISBN |
9780128045039 (electronic bk.) |
|
0128045035 (electronic bk.) |
|
012804456X |
|
9780128044568 |
| Standard No. |
DEBSZ 482470704 |
|
GBVCP 87939899X |
|
AU@ 000057547855 |
|
CHNEW 001026567 |
|
UKMGB 017857237 |
|
AU@ 000066173043 |
|
