Accession Number : ADA632497


Title : Identifying and Embedding Common Indicators of Compromise in Virtual Machines for Lab-Based Incident Response Education


Descriptive Note : Capstone project rept.


Corporate Author : NAVAL POSTGRADUATE SCHOOL MONTEREY CA


Personal Author(s) : Van Dusen, Matthew S


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a632497.pdf


Report Date : Sep 2015


Pagination or Media Count : 83


Abstract : Though typical malware delivery vectors, behaviors, and general attack craft can be verbally explained and even illustrated, greater familiarity and confidence is imbued in the cyber defender when such theoretical explanations are followed by guided practical exercises that provide realistic scenarios. To demonstrate this, we created seven scenarios utilizing common attack types combined with prominent artifacts for indicators of compromise and prominent incident investigative tools. These scenarios will help facilitate the educational experience for students as well as instill confidence, resulting in more proficient incident response across the field. Should this type of education become a part of the NPS curriculum, additional research can be conducted to reaffirm its true capacity.


Descriptors : *EDUCATION, ARTIFACTS, ATTACK, COMPUTER VIRUSES, CONFIDENCE LEVEL, INDICATORS, MACHINES, STUDENTS


Subject Categories : Humanities and History


Distribution Statement : APPROVED FOR PUBLIC RELEASE