How To Integrate AD Enterprise And The CyberSponse Platform Using The AccessData API

Forensic Focus - Articles

Joe: What you’re looking at right now is the CyberSponse platform itself. As an incident responder, you’re going to spend most of your life either in the Alerts, or Violations, or Incidents page. 

In the Alerts page — what I’m going to do is I’m going to generate a simulated alert where you have an asset that’s been critically infected and you need to do something with AccessData in order to capture the memory. And so with that I’m going to go down and I’m going to run a simulation of AccessData [mumbling]. 

So when I run that, you’re going to see it creates a new alert at the top, where there’s a successful inbound connection. What this does is it creates an alert of an unknown… a specific port, 31337. And that is specifically because you’ve got a connection coming in, inbound to a specific asset. 

And we can…
