Practice your forensic skills

One of the most frequently asked questions upon completion of any CEH or CHFI class is "How do I analyze a system after an attack?"

This is a reasonable question, and the most straightforward answer is in a word - "Practice". Not to sound trite, but the same thing applies to students that take a class in a programming language. After learning the basics, it is now up to the student to apply the concepts in creative ways, and do a lot of it.

Staying with the student programmer analogy, most of what a beginning programmer writes will not work, either because the student has not broken the problem down into small and discrete enough steps, or because he is simply trying something that is too hard at the present stage. The point is, expect the process to take time, expect a lot of failures, and don't worry about it. That is the way it works for everyone.

Here are some suggestions: visit and read the sans.org and securityfocus article collections. Also frequent the technical libraries of the major anti-virus vendors. These websites have large collections of articles that break down the process of analysing a system for particular compromises. Through these case studies, you can pick up important tips and ideas without having to discover them all for yourself the hard way.

When you are ready, try the monthly scan challenges from the honeynet.org project.
