Journey to the Centre of the Breach

Computer forensics is no longer exclusively the domain of law enforcement investigators.

The same techniques applied to gathering evidence for use in court can also be applied to investigating a security incident in order to provide the victim with information and assurance.

This report presents a case study detailing the tools and techniques used to investigate a breach of an FTP server, from the initial log file analysis through to reverse engineering the discovered malware.