How To Integrate AD Enterprise And The CyberSponse Platform Using The AccessData

Joe: What you’re looking at right now is the CyberSponse platform itself. As an incident responder, you’re going to spend most of your life either in the Alerts, or Violations, or Incidents page.

In the Alerts page — what I’m going to do is I’m going to generate a simulated alert where you have an asset that’s been critically infected and you need to do something with AccessData in order to capture the memory. And so with that I’m going to go down and I’m going to run a simulation of AccessData [mumbling].

So when I run that, you’re going to see it creates a new alert at the top, where there’s a successful inbound connection. What this does is it creates an alert of an unknown… a specific port, 31337. And that is specifically because you’ve got a connection coming in, inbound to a specific asset.
