September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
危机管理
|
281
内存镜像复制
复制系统内存(或在某些情况下,复制运行中的二进制文件内存)。内存包含许多可能
对调查有用的数字证据,如进程树、正在运行的可执行文件,甚至被攻击者加密的文件
密码。
文件切割
尤其对那些可能已被删除的文件来说,可提取磁盘内容来尝试恢复某些文件类型,如攻
击者试图删除的日志。有些操作系统在删除文件时不会将其内容清零。相反,它们只解
除文件名的链接,并将磁盘区域标记为空闲状态,供后续重用。这样一来就可以恢复被
攻击者删除的数据。
日志分析
无论是系统自身还是其他来源的日志,调查其中与系统相关的事件。网络日志可以显示
与系统交互的人员身份及时间。其他服务器和桌面的日志可显示其他活动。
恶意软件分析
分析攻击者使用的工具,以确定它们的功能、工作原理以及与哪些系统通信。为了更好
地掌握系统被入侵的潜在迹象,并分析得到的数据,通常会将其反馈给从事取证和检测
工作的团队。
在数字取证过程中,事件间的关系和事件本身同等重要。
取证分析员所做的大部分获取工件的工作,有助于构建
取证时间轴
4
。通过收集按时间顺序
排列的事件列表,取证分析员可以确定攻击活动的相关性和因果性,从而推导出这些事件
发生的
原因
。
示例
:
电子邮件攻击
设想一个虚构的场景:一名未知的攻击者通过电子邮件向开发人员发送恶意附件,开
发人员无意中打开了这封邮件,导致计算机被成功入侵。此附件在开发人员的计算机
上安装了恶意浏览器扩展。借助恶意扩展,攻击者窃取了开发人员的凭据并登录到文
件服务器。一旦登录服务器,攻击者就开始收集机密文件并将其复制到自己的远程服 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.