O'Reilly logo

Learning Network Forensics by Samir Datt

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Indicators of Compromise

Indicators of Compromise (IOC) as they are commonly known are the symptoms that confirm the presence of the malware malady. Essentially, from a network forensics' perspective, these are artifacts (or a remnant from an intrusion) that, when discovered on a system or network, indicate a compromise with a high degree of confidence. There are malware-specific IOC and specialized tools such as YARA (http://plusvic.github.io/yara/) that help in identifying the existence of malware based on searches for these IOC.

Typically, IOC include known rogue IP addresses, virus signatures, MD5 hashes of malware, known bad URLs or domain names, and so on.

To promote standardization, a number of open frameworks are available. However, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required