GitBook: [master] 2 pages modified

CPol 2021-09-06 16:03:19 +00:00 committed by gitbook-bot
parent 2721a3c23a
commit 91d0bd6bea
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 12 additions and 3 deletions


@ -437,7 +437,7 @@
## Forensics
* [Basic Forensic Methodology](forensics/basic-forensic-methodology/README.md)
* [File Integrity Monitoring](forensics/basic-forensic-methodology/file-integrity-monitoring.md)
* [Baseline Monitoring](forensics/basic-forensic-methodology/file-integrity-monitoring.md)
* [Anti-Forensic Techniques](forensics/basic-forensic-methodology/anti-forensic-techniques.md)
* [Docker Forensics](forensics/basic-forensic-methodology/docker-forensics.md)
* [Image Adquisition & Mount](forensics/basic-forensic-methodology/image-adquisition-and-mount.md)
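Review bot: The renamed entry in the Forensics list is now titled "Baseline Monitoring" but still links to `forensics/basic-forensic-methodology/file-integrity-monitoring.md`, so the title and the path no longer agree. If the page is meant to cover baselines in general, rename the file to match and keep the old URL working, or state in the commit message that the old path is kept on purpose so existing links do not break.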


@ -1,4 +1,13 @@
# File Integrity Monitoring
# Baseline Monitoring
## Baseline
A baseline consist on take a snapshot of certain part of a system in oder to c**ompare it with a future status to highlight changes**.
For example, you can calculate and store the hash of each file of the filesystem to .be able to find out which files were modified.
This can also be done with the user accounts created, processes running, services running and any other thing that shouldn't change much, or at all.
### File Integrity Monitoring
File integrity monitoring is one of the most powerful techniques used to secure IT infrastructures and business data against a wide variety of both known and unknown threats.
The goal is to generate a **baseline of all the files** that you want monitor and then **periodically** **check** those files for possible **changes** \(in the content, attribute, metadata...\).
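Review bot: The new Baseline paragraph has markup and spelling slips that will show in the rendered page: the bold span opens mid-word in `c**ompare it with a future status`, "in oder to" should be "in order to", "consist on take" should be "consists of taking", and `.be able` has a stray period. The three sentences under `## Baseline` have no blank lines between them or after the heading, so Markdown will run them together as one paragraph. The text also says to calculate and store the hashes but not where; a sentence saying the baseline should be kept somewhere the monitored system cannot modify would help, since a baseline that can be altered along with the files makes the later comparison unreliable.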
@ -12,7 +21,7 @@ The goal is to generate a **baseline of all the files** that you want monitor an
* [https://github.com/topics/file-integrity-monitoring](https://github.com/topics/file-integrity-monitoring)
* [https://www.solarwinds.com/security-event-manager/use-cases/file-integrity-monitoring-software](https://www.solarwinds.com/security-event-manager/use-cases/file-integrity-monitoring-software)
### References
## References
* [https://cybersecurity.att.com/blogs/security-essentials/what-is-file-integrity-monitoring-and-why-you-need-it](https://cybersecurity.att.com/blogs/security-essentials/what-is-file-integrity-monitoring-and-why-you-need-it)