The Curious Case of 1392

Wednesday, February 18, 2009 6:30:57 PM (Pacific Standard Time, UTC-08:00)
by Jason Pittman
There are occasions in technology where events or results inspire feelings of mystery: those "it must be magic" moments when our existing body of knowledge cannot process the situation. I encountered one such event today, so I thought I would share a bit.

Find, the Power

Tuesday, February 17, 2009 3:55:14 PM (Pacific Standard Time, UTC-08:00)
by Jason Pittman
I was doing some work on a very large log correlation server recently. By large I mean copious amounts of log files, not necessarily large in size. Essentially, the chief task was that I needed to audit what was being kept as online history. As you, dedicated readers, remember, PCI-DSS requires one year of history to be kept online. That can mean quite a bit of data in most cases. Being both technically adept and lazy, I turned to the "find" command.
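The kind of retention audit described above, written out as an added example (this is not the post's own script). It uses find to count the log files that fall inside a one-year window and those that have aged past it, which is exactly the split an auditor wants to see. The directory layout and file names in the usage note are assumptions; the 365-day window is the PCI-DSS figure from the post.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Audit an online log archive against a retention window using find.
# Assumptions: logs live under a single root directory passed as $1, and
# file mtime is a faithful proxy for the log's age (true for rotated
# files that are never rewritten, not necessarily for files copied in
# later without preserving timestamps).

# Count regular files under $1 whose mtime is more than $2 days old.
# Note find's rounding: "-mtime +N" matches files older than N full
# 24-hour periods, so "+365" is "older than the window", not "exactly a year".
count_older_than() {
    find "$1" -type f -mtime +"$2" | wc -l | tr -d ' '
}

# Count regular files under $1 that are still inside the $2-day window
# (the complement of count_older_than over the same tree).
count_within() {
    find "$1" -type f ! -mtime +"$2" | wc -l | tr -d ' '
}

# Total size in KiB of the files that have aged past the window: this is
# what could move to offline storage without breaking the one-year rule.
aged_out_kib() {
    total=0
    for kb in $(find "$1" -type f -mtime +"$2" -exec du -k {} \; | cut -f1); do
        total=$((total + kb))
    done
    printf '%s\n' "$total"
}

# One-line summary followed by the listing of aged-out files, so the
# auditor can see what is about to leave (or should already have left)
# the online history.
retention_report() {
    dir=$1
    days=${2:-365}
    printf 'root=%s window=%sd within=%s older=%s aged_out_kib=%s\n' \
        "$dir" "$days" \
        "$(count_within "$dir" "$days")" \
        "$(count_older_than "$dir" "$days")" \
        "$(aged_out_kib "$dir" "$days")"
    find "$dir" -type f -mtime +"$days" -exec ls -l {} \;
}

# Usage (assumed path): retention_report /var/log/archive 365
```

Run it as `retention_report /var/log/archive` on the correlation server's archive root. If "older" is large, the server is holding more than the required year and the surplus can be archived offline; if "within" covers less than a year of dates when you list the files, the online history is short and that is the finding to write up.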

Lions, Tigers, and...IP Addresses

Thursday, February 12, 2009 6:18:48 PM (Pacific Standard Time, UTC-08:00)
by Jason Pittman
IP Addressing schemes that mimic life models of land animal herds.

How to Parse Firewall Configs with Nipper

Thursday, February 12, 2009 3:26:02 PM (Pacific Standard Time, UTC-08:00)
by Daniel De Carvalho
Who said analyzing firewalls and network devices had to be tedious and cumbersome? Well, your problems are over: introducing Nipper, the network device configuration parser.

Installing Splunk Part 3 of 5 - Performing the Initial Splunk Configurations

Wednesday, February 11, 2009 11:37:21 AM (Pacific Standard Time, UTC-08:00)
by Jason Pieters
In the first two parts of this series we discussed installing the SuSe Linux operating system. The first in the series took you through the first half of the installation while the second finished the install off. The install served to get you a base installation of SuSe Linux. If you have a default build for SuSe that you prefer, then by all means use it; just make sure to open the appropriate firewall ports for Splunk and for administering the system (22 and 443 to start, with more to be added as we go into parts 4 and 5 of this series). With that said, let's set up a basic Splunk instance on the server. Now that the Linux operating system is installed, it is time to install the latest instance of Splunk...
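A quick check for the firewall prerequisite above, added here as an example rather than taken from the series. It reads the SuSEfirewall2 sysconfig file and reports which of the required TCP ports (22 and 443 for now) are not opened externally. The file path `/etc/sysconfig/SuSEfirewall2` and the `FW_SERVICES_EXT_TCP` variable are the SuSEfirewall2 settings as I know them, and the sample files in the usage note are constructed; the check only understands numeric ports, not SuSEfirewall2 service names.

```shell
#!/bin/sh
# Added example, not code from the original series.
# Confirm that a SuSEfirewall2 sysconfig file exposes the TCP ports the
# Splunk host needs from the outside: 22 (SSH administration) and 443
# (Splunk web). Extend REQUIRED_TCP as later parts of the series add
# ports for forwarders and the like.
REQUIRED_TCP="22 443"

# Print the value of FW_SERVICES_EXT_TCP from the sysconfig file $1 with
# surrounding quotes removed. The last assignment wins, matching how the
# shell-style sysconfig file is sourced. Empty output means the variable
# is unset, i.e. nothing is opened on the external zone.
ext_tcp_ports() {
    grep '^[[:space:]]*FW_SERVICES_EXT_TCP=' "$1" \
        | tail -n 1 \
        | cut -d= -f2- \
        | tr -d '"'"'"
}

# Print, one per line, each required port that is not in the external
# TCP list; no output means the host is ready for Splunk administration.
missing_ports() {
    open=$(ext_tcp_ports "$1")
    for need in $REQUIRED_TCP; do
        found=no
        for have in $open; do
            [ "$have" = "$need" ] && found=yes
        done
        [ "$found" = yes ] || printf '%s\n' "$need"
    done
}

# Usage on the Splunk host (assumed default path):
#   missing_ports /etc/sysconfig/SuSEfirewall2
```

A file carrying only `FW_SERVICES_EXT_TCP="22"` reports `443` as missing; after editing it to `FW_SERVICES_EXT_TCP="22 443"` and restarting SuSEfirewall2 the check prints nothing. Keep in mind this inspects the on-disk configuration, not the running rule set; confirm the change is live with a connection test from another host.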

The Hidden Data in MS Office Documents

Monday, February 09, 2009 12:41:11 PM (Pacific Standard Time, UTC-08:00)
by Brennen Reynolds
Most people are unaware that the documents they create and edit using Microsoft's Office suite of products contain a large amount of data related to the document's life cycle. While usually benign and not very interesting, this data can become quite valuable in a forensic investigation. It can help establish a timeline of when a file was last accessed or modified. An examiner can even extract the last few users who edited the file and the previous locations where the document was stored.