The inspector: automating the forensic investigation of infected computers

John Morris, Eric Kedrosky Nortel

Zero day outbreaks of bots and viruses, undetected by current AV signatures, are common occurrences on corporate networks. When dealing with a significant outbreak of a new threat, there are many unknowns, not the least of which are knowing what common vulnerabilities may be allowing these systems to become infected and the malware files that have been deposited. By automating the forensic investigation process, IT security teams can be provided this critical information within minutes of the outbreak starting.

This presentation will cover why automated forensic investigations are needed, what information to gather and how to gather it remotely.

 del.icio.us  digg this! digg this

Quick Links

Poll
The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Yes
No
I don't know
Leave a comment
View 11 comments

99 Subscription Promo

Malware Prevalence
Autorun |#######|
Encrypted/Obfuscated |#####|
Heuristic/generic |#####|
Sality |####|
Zbot |####|
 View this month's full report

Virus Bulletin currently has 224,243 registered users.