SANS Digital Forensics and Incident Response Blog: Daily Archives: Jun 21, 2010

Security Intelligence: Defining APT Campaigns

In the three previous installments of this series, I introduced security intelligence and how to begin thinking about sophisticated intrusions. In this entry, I will discuss how my team at Lockheed Martin defines the adversaries that we track using the definitions covered previously, with a particular focus on the kill chain. As always, credit for these techniques belongs to my team and the hard work of evolutionary CND we've done over the past 6 years.

The "persistence" in APT intrusions is manifested in two ways: maintaining a presence on your network, as well as repeatedly attempting to gain entry to areas where presence is not


Computer Forensic Examiners: PI Licensing Requirement Revisited

Do computer forensic examiners have to be licensed as private investigators? Well, that varies by state. Benjamin Wright has discussed the PI requirement here and Texas PI legislation here. Scott Moulton provided some insight into Michigan and the CISSP requirement here. I do not plan to regurgitate their research or viewpoints, but rather continue the discussion and provide some additional information in regards to another