The objective of this exercise is to familiarize you with the process of In addition to the incidenthandling functions discussed here, itĬan also be used to roll out a network of similarly configured PCs more Ghost from Symantec is a tool that allows for the creation and management ofīinary images. The original drive in a pristine state for evidentiary purposes while giving youĪ duplicate that can be used for research purposes. Also, if you intend to prosecute the attacker, it allows you to save System is compromised while still getting the production system back online ![]() If a database with constantlyĬhanging data resides on the system, it would not be as effective.įrom a forensics standpoint, the capability to make a binary copy of aĬompromised system has two benefits. This is accomplished by making aīinary image of the system before it is put online. System to a known good state immediately. The capability to create disk images is important for incident handling forįrom a recovery standpoint, disk images can help you restore a compromised ![]() Learn More Buy Exercise 1: Disk Imaging with Ghost Description SANS GIAC Certification: Security Essentials Toolkit (GSEC)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |