04942cam a2200613Ii 4500 ocn949752822 OCoLC 20190328114815.0 m o d cr |n||||||||| 160512s2016 mau o 001 0 eng d YDXCP eng rda pn YDXCP OPELS OCLCF N$T COO D6H K6U DEBSZ LIV U3W OCLCA VVB EZ9 AU@ WYU 958083936 958392745 9780128045039 (electronic bk.) 0128045035 (electronic bk.) 012804456X 9780128044568 (OCoLC)949752822 (OCoLC)958083936 (OCoLC)958392745 QA76.9.A25 COM 060040 bisacsh COM 043050 bisacsh COM 053000 bisacsh 005.8 23 Bradley, Jaron, author. OS X incident response : scripting and analysis / [electronic resource] Jaron Bradley. Cambridge, MA : Syngress Publishers is an imprint of Elsevier, 2016. 1 online resource. text txt rdacontent computer c rdamedia online resource cr rdacarrier Includes index. Online resource; title from PDF title page (ScienceDirect, viewed May 19, 2016). Includes bibliographical references. Written for analysts who are looking to expand their understanding of a lesser-known operating system, this book focuses exclusively on OS X attacks, incident response, and forensics, and covers a wide variety of topics, including both the collection and analysis of the forensic pieces found on the OS. -- Edited summary from book. Cover; Title Page; Copyright Page; Contents; Acknowledgments ; Chapter 1 -- Introduction; Is there really a threat to OS X?; What is OS X; The XNU Kernel; Digging Deeper; Requirements; Forensically sound versus incident response; Incident Response Process; The Kill Chain; Applying the Killchain; Analysis environment; Malware Scenario; Chapter 2 -- Incident Response Basics; Introduction; Picking a language; Python; Ruby; Bash; Root versus nonroot; Yara; Basic Commands for Every Day Analysis; grep; egrep; cut; awk; sed; sort; uniq; Starting an IR Script; Collection; Analysis; Analysis Scripts. Yarafly.shYara Results Sorted and Counted; Conclusion; Chapter 3 -- Bash Commands; Introduction; Basic Bash commands; System Info; date; hostname; uptime; sw_vers; uname (-a); spctl ( -- status); bash -version; Who Info; whoami; who; w; finger (-m); last (); screen (-ls) (-x); User information; id; groups; printenv; dscl . -ls /Users; Process Information; ps (aux); Network Information; ifconfig; netstat (-ru) (-an); lsof (-p ) (-i); smbutil (statshares -a); arp (-a); security dump-trust-settings (-s) (-d); networksetup; System startup; launchctl list; crontab -l; atq; kextstat. Additional Commandsmdfind (-name) (-onlyin); sysctl (-a); history; security list-keychains; nvram; du -h; diskutil list; Miscellaneous; codesign (-d) (-vv); file; md5; tcpdump; printenv; nettop (-m); DTrace; Bash Environment Variables; Scripting the Collection; Analysis; Conclusion; Chapter 4 -- File System; Introduction; Brief history; HFS+ overview; Volume Header; Allocation File; Catalog File; Attributes B-Tree; Inodes, Timestamps, Permissions, and Ownership; Inodes; Timestamps; Timestamps for Files; Timestamps for Folders; Permissions; Special File Permissions; Directory Permissions. Sticky BitExtended Attributes; Access Control Lists; Resource Forks; File Types and Traits; OS X Specific File Extensions; .dmg; .kext; .plist; .app; .dylib; .pkg; Mach-O binary; Popular Scripting Languages Found on OS X; File Hierarchy Layout; /Applications; /Library; /System; /Users; /Volumes; /.vol; /bin; /usr; /cores; /sbin; /dev; /etc; /tmp; /private; /var; Miscellaneous Files; Hidden Files and Directories; .DS_Store; .Spotlight-V100; .metadata_never_index; .noindex; File Artifacts; Logs and Rotation; Key File Artifacts. Mac OS. Mac OS. fast (OCoLC)fst01386304 COMPUTERS Security Online Safety & Privacy. bisacsh COMPUTERS Security Networking. bisacsh COMPUTERS Security General. bisacsh Computer security. Intrusion detection systems (Computer security) Computer crimes Investigation. Computer crimes Investigation. fast (OCoLC)fst00872065 Computer security. fast (OCoLC)fst00872484 Intrusion detection systems (Computer security) fast (OCoLC)fst01762593 Electronic books. Electronic books. Print version: 012804456X 9780128044568 (OCoLC)944209939 ScienceDirect http://www.sciencedirect.com/science/book/9780128044568 247331 247331