GCIH GIAC Certified Incident Handler All-in-One Exam Guide (2020)

Preview (31 of 640 Pages)

100%

Purchase to unlock

Loading page image...

DownloadedfromStudyXY.com[=Ww+StudyXYoias.Za\Rr'BE\StudyAnythingThisContentHasbeenPostedOnStudyXY.comassupplementarylearningmaterial.StudyXYdoesnotendroseanyuniversity,collegeorpublisher.Allmaterialspostedareundertheliabilityofthecontributors.|8)www.studyxy.com

Loading page image...

Copyright©2020byMcGrawHill.Allrightsreserved.ExceptaspermittedundertheUnitedStatesCopyrightActof1976,nopartofthispublicationmaybereproducedordistributedinanyformorbyanymeans,orstoredinadatabaseorretrievalsystem,withoutthepriorwrittenpermissionofthepublisher,withtheexceptionthattheprogramlistingsmaybeentered,stored,andexecutedinacomputersystem,buttheymaynotbereproducedforpublication.ISBN:978-1-26-046163-3MHID: 1-26-046163-7ThematerialinthiseBookalsoappearsintheprintversionofthistitle:ISBN:978-1-26-046162-6,MHID:1-26-046162-9.eBookconversionbycodeMantraVersion1.0Alltrademarksaretrademarksoftheirrespectiveowners.Ratherthanputatrademarksymbolaftereveryoccurrenceofatrademarkedname,weusenamesinaneditorialfashiononly,andtothebenefitofthetrademarkowner,withnointentionofinfringementofthetrademark.Wheresuchdesignationsappearinthisbook,theyhavebeenprintedwithinitialcaps.McGraw-HillEducationeBooksareavailableatspecialquantitydiscountstouseaspremiumsandsalespromotionsorforuseincorporatetrainingprograms.Tocontactarepresentative,pleasevisittheContactUspageatwww.mhprofessional.com.InformationhasbeenobtainedbyMcGrawHillfromsourcesbelievedtobereliable.However,becauseofthepossibilityofhumanormechanicalerrorbyoursources,McGrawHill,orothers,McGrawHilldoesnotguaranteetheaccuracy,adequacy,orcompletenessofanyinformationandisnotresponsibleforanyerrorsoromissionsortheresultsobtainedfromtheuseofsuchinformation.TERMSOFUSE

Loading page image...

ThisisacopyrightedworkandMcGraw-HillEducationanditslicensorsreserveallrightsinandtothework.Useofthisworkissubjecttotheseterms.ExceptaspermittedundertheCopyrightActof1976andtherighttostoreandretrieveonecopyofthework,youmaynotdecompile,disassemble,reverseengineer,reproduce,modify,createderivativeworksbasedupon,transmit,distribute,disseminate,sell,publishorsublicensetheworkoranypartofitwithoutMcGraw-HillEducation’spriorconsent.Youmayusetheworkforyourownnoncommercialandpersonaluse;anyotheruseoftheworkisstrictlyprohibited.Yourrighttousetheworkmaybeterminatedifyoufailtocomplywiththeseterms.THEWORKISPROVIDED“ASIS.”McGRAW-HILLEDUCATIONANDITSLICENSORSMAKENOGUARANTEESORWARRANTIESASTOTHEACCURACY,ADEQUACYORCOMPLETENESSOFORRESULTSTOBEOBTAINEDFROMUSINGTHEWORK,INCLUDINGANYINFORMATIONTHATCANBEACCESSEDTHROUGHTHEWORKVIAHYPERLINKOROTHERWISE,ANDEXPRESSLYDISCLAIMANYWARRANTY,EXPRESSORIMPLIED,INCLUDINGBUTNOTLIMITEDTOIMPLIEDWARRANTIESOFMERCHANTABILITYORFITNESSFORAPARTICULARPURPOSE.McGraw-HillEducationanditslicensorsdonotwarrantorguaranteethatthefunctionscontainedintheworkwillmeetyourrequirementsorthatitsoperationwillbeuninterruptedorerrorfree.NeitherMcGraw-HillEducationnoritslicensorsshallbeliabletoyouoranyoneelseforanyinaccuracy,errororomission,regardlessofcause,intheworkorforanydamagesresultingtherefrom.McGraw-HillEducationhasnoresponsibilityforthecontentofanyinformationaccessedthroughthework.UndernocircumstancesshallMcGraw-HillEducationand/oritslicensorsbeliableforanyindirect,incidental,special,punitive,consequentialorsimilardamagesthatresultfromtheuseoforinabilitytousethework,evenifanyofthemhasbeenadvisedofthepossibilityofsuchdamages.Thislimitationofliabilityshallapplytoanyclaimorcausewhatsoeverwhethersuchclaimorcausearisesincontract,tortorotherwise.

Loading page image...

Thisbookisdedicatedtomybeautifulwife,Elizabeth,forallhersupportandencouragement.

Loading page image...

ABOUTTHEAUTHORNickMitropoulosistheCEOofScarletDragonflyandhasmorethan14yearsofexperienceinsecuritytraining,cybersecurity,incidenthandling,vulnerabilitymanagement,securityoperations,threatintelligence,anddatalossprevention.Hehasworkedforavarietyofcompanies(includingtheGreekMinistryofEducation,AT&T,F5Networks,JPMorganChase,KPMG,andDeloitte)andhasprovidedcriticaladvicetomanyclientsregardingvariousaspectsoftheirsecurity.He’sSC/NATOsecuritycleared,acertified(ISC)?andEC-Councilinstructor,Ciscochampion,andseniorIEEEmember,aswellasaGIACadvisoryboardmember,andhasanMSc(withdistinction)inAdvancedSecurityandDigitalForensicsfromEdinburghNapierUniversity.Heholdsover25securitycertifications,includingGCIH,GPEN,GWAPT,GISF,Security+,SSCP,CBE,CMO,CCNACyberOps,CCNASecurity,CCNARouting&Switching,CCDA,CEH,CEIPaloAlto(ACE),Qualys(CertifiedSpecialistinAssetViewandThreatPROTECT,CloudAgent,PCICompliance,PolicyCompliance,VulnerabilityManagement,WebApplicationScanning),andSplunkCertifiedUser.Ifyouhaveanyquestionsorwanttoprovideanyfeedback,pleasefeelfreetoreachoutviafeedback@scarlet-dragonfly.com,LinkedIn(https://www.linkedin.com/in/nickmitropoulos),orTwitter(@MitropoulosNick).AbouttheTechnicalEditorPaulJoseph,MEng,CISSP,GCIA,andGCHQ-certifiedcloudpractitioner,hasbeenintheITindustrysince2004.Heiscurrentlyanindependentcybersecuritytechnicalconsultant.Paulbeganhiscareerasatechnicianandtrainer,wherehesupportedvarioustechnologies.Overtheyears,hehasworkedasasecurityengineer,securityanalyst,incidentresponder,andsecurityoperationsconsultantforcriticalUKinfrastructure,financial

Loading page image...

services,andglobalserviceprovidersintheUKandabroad.Paulisapassionateblueteamerandcloudenthusiast.+StudyXy

Loading page image...

CONTENTSATAGLANCEChapter1BuildingaLabChapter2IntrusionAnalysisandIncidentHandlingChapter3InformationGatheringChapter4Scanning,Enumeration,andVulnerabilityIdentificationChapter5VulnerabilityExploitationChapter6InfrastructureandEndpointAttacksChapter7NetworkAttacksChapter8DenialofServiceAttacksChapter9WebApplicationAttacksChapter10MaintainingAccessChapter11CoveringTracksandTunnelingChapter12Worms,Bots,andBotnetsAppendixACommandsIndexAppendixBToolsAppendixCExamIndexAppendixDAbouttheOnlineContentGlossaryIndex

Loading page image...

CONTENTSAcknowledgmentsIntroductionChapter1BuildingaLabCreatingaKaliLinuxVirtualMachineCreatingaMetasploitableVirtualMachineTestingExternalConnectivityfromKaliLinuxTestingExternalConnectivityfromMetasploitableTestingCommunicationBetweenKaliLinuxandMetasploitableCreatingaWindowsVirtualMachineTestingCommunicationBetweenWindows,KaliLinux,andMetasploitableVMsLinuxandWindowsCommandsChapterReviewQuestionsAnswersReferencesandFurtherReadingChapter2IntrusionAnalysisandIncidentHandlingIncidentHandlingIntroductionIncidentHandlingPhasesPreparationBuildingaTeamCollectingOrganizationalInformationRespondingtoanIncidentHardwareSoftware

Loading page image...

IdentificationIncidentSourcesDataCollectionforIncidentResponseWindowsInvestigationsLinuxInvestigationsContainmentTrackingandCommunicatinganIncidentContainmentStrategiesEradicationRecoveryLessonsLearnedChapterReviewQuestionsAnswersReferencesandFurtherReadingChapter3InformationGatheringPublicWebsiteSearchingNetcrafttheHarvesterWgetSocialMediaSearchingDefendingAgainstPublicWebsiteandSocialMediaSearchingUsingSearchEnginesforInformationGatheringSearchEngineQueryExamplesViewingDeletedContentThroughtheWaybackMachineUsingToolsforSearchEngineInformationGatheringAutomationRecon-NGMetagoofilExiftoolFOCA(FingerprintingOrganizationswithCollectedArchives)SearchDiggity

Loading page image...

DefendingAgainstSearchEngineInformationGatheringWhoisLookupsPerformingWhoisLookupsUsingIANAandRegionalRegistriesPerformingWhoisLookupsUsingOnlineToolsPerformingWhoisLookupsUsingtheCommandLineDefendingAgainstWhoisLookupsDNSLookupsPerformingDNSLookupsUsingOnlineToolsNslookupDigHostDNSReconDefendingAgainstDNSLookupsWarDialingDefendingAgainstWarDialingWarDrivingWirelessNetworkIntroductionAirmon-ngKismetInSSIDerOtherToolsWorthCheckingDefendingAgainstWarDrivingGeneral-PurposeInformationGatheringToolsMaltegoShodanMapsSpokeoGrayhatWarfareChapterReviewQuestionsAnswersReferencesandFurtherReadingChapter4Scanning,Enumeration,andVulnerabilityIdentification

Loading page image...

IntroductiontoARP,ICMP,IP,TCP,andUDPARPICMPIPTCPUDPNetworkMappingArp-scanPingTracerouteZenmapDefendingAgainstNetworkMappingPortScanningNmapHping3AdditionalScanningToolsProxyUtilizationIDS/IPSEvasionDefendingAgainstPortScanningandIDSEvasionVulnerabilityIdentificationNessusDefendingAgainstVulnerabilityIdentificationCommonlyExploitedProtocols:AFewUsefulExamplesFTPTelnetSMBDefendingAgainstSMBSessionsChapterReviewQuestionsAnswersReferencesandFurtherReadingChapter5VulnerabilityExploitationTcpdumpScenario1:PingScan

Loading page image...

Scenario2:ReachingtheWebServerWiresharkScenario1:CaptureWebTraffictoMetasploitableScenario2:CaptureWebTraffictoMultipleMetasploitableWebpagesMetasploitArchitectureModulesInformationGatheringExploitingServicesArmitageNetcatDifferentFlavorsBasicOperationConnectingtoOpenPortsFileTransfersBackdoorsPortScanningRelaysSETBeEFChapterReviewQuestionsAnswersReferencesandFurtherReadingChapter6InfrastructureandEndpointAttacksInfrastructureAttacksDMAAttacksUSBAttacksDefendingAgainstInfrastructureAttacksPasswordCrackingTechniquesStoredPasswordLocationsandFormatsHydra

Loading page image...

CainJohntheRipperHashcatDefendingAgainstPasswordCrackingPasstheHashDefendingAgainstPass-the-HashAttacksBufferOverflowsIdentifyingBufferOverflowsAddingCodeinMemoryRunningtheCodeDefendingAgainstBufferOverflowsBypassingEndpointSecurityChapterReviewQuestionsAnswersReferencesandFurtherReadingChapter7NetworkAttacksIPAddressSpoofingDefendingAgainstIPSpoofingNetworkTrafficSniffingPassiveTrafficSniffingActiveTrafficSniffingUpgradedSSLAttack:SSLStrippingDefendingAgainstTrafficSniffingSessionHijackingDefendingAgainstSessionHijackingChapterReviewQuestionsAnswersReferencesandFurtherReadingChapter8DenialofServiceAttacksLocalDoSAttacksRemoteDoSAttacks

Loading page image...

ProtocolAttacksApplication-LayerAttacksVolumetricAttacksBotnetsDDoSAttacksReflectedDDoSPulsingZombiesDoS/DDoSToolsDefendingAgainstDoS/DDoSAttacksChapterReviewQuestionsAnswersReferencesandFurtherReadingChapter9WebApplicationAttacksWebProxiesOWASP(OpenWebApplicationSecurityProject)CommandInjectionDefendingAgainstCommandInjectionAccountHarvestingDefendingAgainstAccountHarvestingSQLInjectionNormalSQLOperationCheckingforSQLInjectionTestingManualSQLInjectionStringsAutomatingSQLInjectionUsingBurpSuiteDefendingAgainstSQLInjectionXSS(Cross-SiteScripting)ReflectedXSSStoredXSSDefendingAgainstXSSCSREF(Cross-SiteRequestForgery)DefendingAgainstCSRFNiktoWPScan

Loading page image...

ChapterReviewQuestionsAnswersReferencesandFurtherReadingChapter10MaintainingAccessMalwareCategoriesBackdoorsandTrojansExamplesofBackdoorsandTrojansLegitimateToolsUsedbyAttackersforRemoteControlRootkitsUserModeRootkitsKernelModeRootkitsMalwareWrapping,Packing,andObfuscationMalwareAnalysisDefendingAgainstBackdoors,Trojans,andRootkitsChapterReviewQuestionsAnswersReferencesandFurtherReadingChapter11CoveringTracksandTunnelingLogTamperingandShellHistoryManipulationWindowsLogsLinuxLogsShellHistoryManipulationDefendingAgainstLogTamperingandShellHistoryManipulationHidingFilesandUsingSteganographyHidingFilesinLinuxHidingFilesinWindowsSteganographyDefendingAgainstHidingFilesandUsingSteganographyTunnelingICMPTunneling

Loading page image...

TCP/IPTunnelingDefendingAgainstTunnelingChapterReviewQuestionsAnswerReferencesandFurtherReadingChapter12Worms,Bots,andBotnetsWormsWormExamplesBots/BotnetsDefendingAgainstWorms,Bots,andBotnetsChapterReviewQuestionsAnswersReferencesandFurtherReadingAppendixACommandsIndexAppendixBToolsAppendixCExamIndexAppendixDAbouttheOnlineContentSystemRequirementsYourTotalSeminarsTrainingHubAccountPrivacyNoticeSingleUserLicenseTermsandConditionsTotalTesterOnlineTechnicalSupportGlossaryIndex

Loading page image...

IwouldliketoextendmythankstoWendyRinaldifromMcGrawHillforentrustingmetowriteanotherbook,aswellasEmilyWaltersforhervigilantsupportandpromptfeedback,andPattyMonforreachingoutwithvaluablesuggestionsonhowtomakethecontentashelpfulaspossibleforthereaders.

Loading page image...

INTRODUCTIONEveryonehasadifferentmindsetabouttakingexams.Someneedtherelatedcertificationstoprogressintheircareersorbecausetheiremployersdemandit.Othersjustwanttoattendassociatedcoursestoaccumulateknowledgeanddon’tnecessarilymindtheexamsorthecertificationsthatcomewiththem.Beforeyoustartreadingthisbook,youneedtodecidewhatexactlyyouwanttodo.Doyouwanttojustgetsomebasicknowledgearoundincidentresponse,ordoyouwanttofullypreparefortheGIACCertifiedIncidentHandler(GCIH)exam?Hopefully,youwillbesatisfiedeitherway,butifyouareaimingtotaketheexam,amoremethodicapproachwillbewarranted.Ifthat’sthecase,keeponreading.TheExamFormatBeforeyoureadthissection,aclarificationneedstobeprovided.Thisbookisnotheretogiveyouashortcuttotheexamortoprovideanydetailsthatgiveunlawfulinsightintotheexamitself.EverythingmentionedhereispublicinformationthatGlobalInformationAssuranceCertification(GIAC)haspublishedtoaidexamtakersinpreparingfortheexam.Firstofall,thegoodnews:Theexamisopenbook.Ohyes,that’sright.Nowforsomebadnews:Theexamisopenbook.Thiscaneasilymakeyouhaveafalsesenseofconfidencebecauseyouthinkyoucananswerallquestions,sincetheanswersareinthisbookoranyotherresourcesyoubringintheroom.However,ifyoudon’tstudyhard,spendingtimeunderstandingthematerialandpracticingeverythinginthelab,youwillundoubtedlyfindoutthehardwayhowdifficultanopen-bookexamcanbe.Youreallydon’twanttogointothatroomunderprepared.AlltheinformationregardingtheGCIHexamcanbefoundinGIAC’swebsite:https://www.giac.org/certification/certified-incident-handler-gcih.Thenumberofquestionsisintherangeof100to150,whilethedurationis

Loading page image...

fourhours,whichshouldbeplentyoftimeforyoutogothroughallthequestions.Thepassingmarkissetat73percent.GIACalsomentionssomedetailsaboutitsCyberLivefeature(https://www.giac.org/cyberlive/fags),whichisalsoincorporatedintheexam.Asofthiswriting,accordingtoGIAC’swebsite,fiveexamsusethisfeature,andGCIHisoneofthem.InplainEnglish,thismeansthattoanswersomequestions,youneedtoaccessavirtualenvironmentandperformsomepracticalactivitiestogetthedesiredoutput.Alotofpeopledreadthispossibility,whileotherssimplyadoreit.Youdon’tneedtoloveit,butyoudoneedtobepreparedforit.Onethingisforsure.Youcan’ttrytoanswerapracticalquestionjustbysearchingaroundthevirtualizedenvironmentanditstoolsforanswers.Tothatend,youcanreviewChapter1andcreateyourownvirtual(orphysical)labtopracticeallthetoolsandtechniquesmentionedthroughoutthebook.Ifthat’snotenough,enrichthatlabwithmoretoolsandmachines.Ifthatisstillnotenoughtofeelcomfortable,youcanalwaysjoinanonline“capturetheflag”competitiontogetthenecessaryexposureandupskillbeforeattemptingtheexam.AnotheroptionisasubscriptiontoanonlinelablikeHackTheBox(https://www.hackthebox.eu/),whichoffersnumerousmachinesyoucanattackusingvariousmethodsandtools.Inmyhumbleopinion,CyberLiveisagreatfeaturebecauseithelpstheexammaintainitsqualityandrespectamongotherexamsintheindustry,plusitensuresonlypeoplewhopossessacertainskilllevelaregrantedtheincidenthandlercertification.Thesepeoplearegoingtoberesponsibleforlarge-scaleincidentsandwillneedtoprovideawaytorespondtothem.Thissometimesinvolveslife-criticalsystems,sothatresponsibilityandthisexamshouldn’tbetakenlightly.Withregardtospecificexamobjectives,thisisthelistthatGIACprovidesontheirwebsite:«IncidentHandling:Identification«IncidentHandling:OverviewandPreparation«ClientAttacks«CoveringTracks:Networks«CoveringTracks:Systems+DenialofServiceAttacks«+IncidentHandling:Containment

Loading page image...

+IncidentHandling:Eradication,Recovery,andLessonsLearned»NetworkAttacks«OverflowAttacks«PasswordAttacks*Reconnaissance+Scanning:DiscoveryandMapping«Scanning:TechniquesandDefense+SessionHijackingandCachePoisoning«TechniquesforMaintainingAccess*WebApplicationAttacks*Worms,Bots,andBotNetsNotethatinordertotaketheexam,youneedtoregisterthroughaPearsonVUEtestcenter.Althoughmostcentersarequiteup-to-datewitheachexam,doensureyouprintoutacopyoftheconfirmatione-mail,whichclearlystatesthisisanopen-bookexam.Thelastthingyouwantistonotbeallowedtocarryabookorothermaterialsintheroombecausetheinvigilatorthoughtnosuchmaterialswereallowed.ThisisnotsomethingthatIjustmadeup,asithashappenedtosomestudentsofmine,althoughit’sveryrare.PreparingfortheExamThebestthingyoucandotopreparefortheexamistostudyhard.Period.Therearenoshortcutsandnoeasyways.Now,whenIsaythistostudentsthefirstquestionIgetis“Howmuchtimeisrequiredtoprepare?”Theanswerreallyis“Aslongasittakes.”Iamnottryingtobecynical,buttherequiredtimeactuallydependsonyourskilllevel.Ifyouareabeginnerinsecurity,thensubstantiallymoretimewillberequired.Ifyouareaseasonedindividualwithin-depthknowledgeofthearea,especiallywithexperienceinincidenthandling,thismaybeeasier,butyouwillstillneedtostudy.AnotherquestionIgetis“DoIhavetoattendacourseorcanIself-studyfortheexam?”Thatdependsonyourbudgetanddesire,inadditiontohowyoutendtolearnbetter.Somepeopleneedaninstructortogivelecturesabouthow

Loading page image...

thingsworkandwanttobeabletoaskquestionsandinteractthroughoutthelearningprocess.Inthosecases,acourseisreallyuseful.GIACrecommendsSANScoursesforallitsexams.Infact,althoughyoumayaskGIACwhatresourcesyoucanusetoself-study,theywilldirectlytellyoutheyonlyrecommendSANStrainingsforanyoftheirexams.ThecoursecorrespondingtothisexamisSANSSEC504:HackerTools,Techniques,Exploits,andIncidentHandling(https://www.sans.org/course/hacker-techniques-exploits-incident-handling).GIAC’spreparationguidelinescanbefoundathttps://www.giac.org/exams/preparation.Asasidenote,IwholeheartedlybelievethatSANScoursesandinstructorsarethebestthesecurityindustryhastooffer.Thepeopleteachingthoseareconstantlyinthetrenches,facingrealincidentsdayinanddayout.TheycreatecoursesforSANSandteachthosecoursesbecausetheyjustlovepassingontheirknowledgeandgivingbacktothesecuritycommunity.IfeelhonoredtohavehadtheprivilegeofattendingnumerousSANSconferencesthroughouttheyearsandcantellyouit’savaluableexperiencethatIhighlyrecommend.Theonlyconsiderationisusuallycost,especiallyifyouneedtotraveltotheevent’slocationandpaysubsistenceforamultidaycourse.Havingsaidthat,therearealsooptionsforyoutoattendcoursesremotelyandondemand,whichcanbemuchmoreaffordable.Ifyouaimtoself-studyfortheexam,thisbookisagreatresource.IhavemadeeveryefforttoprovideyouwithenoughdetailstocovertheofficialobjectivessetoutbyGIAC.However,ifyouneedtodrilldownmoreinsomeadditionalareasthatcloselyrelatetowhatisreferencedinthebook,thenyoushouldtakethetimetodojustthat.Don’trushanddefinitelydon’tskipthings.Tothatpurpose,Ihaveaddednumerousreferencesandresourcesattheendofeachchapter.However,youneedtobeawarethatthisbookneedstostayalignedwiththeexam’sobjectivesanddiscussthoseindepth.Thatmeanstheremaybesomeotherareasthatarecoveredinlessdetailtoaccountforthatfact.Forexample,Linuxandnetworkingarenotintheexamobjectives.Assuch,ifyoulackLinuxornetworkingskills,youmightneedtostudyabitmorebeforeyoustartfeelingatease.However,thebookoffersenoughinsighttogetyoustartedandbeabletokeepupwiththecontent,butitreallyisn’taboutLinuxornetworking.Inthosecaseswhereyouneedextensiveinformationforaspecificarea,pleasefeelfreetosupplementaccordingly.Thesameprincipleappliestoeverythingelseinthebook.Thisisalsoacrucialpartofthelearningprocess.OneofthebestprofessorsIhad

Loading page image...

inmyundergraduatecourseoncesaid,“Youarenotheretobetaughteverything.Youareheretobetaughthowtoresearchandthengoawayandconquerknowledge.”Ittookmeseveralyearstounderstandwhathemeant.Butgradually,especiallybeinginITforlongenough,IrealizedthatwheneverIdon’tknoworremembersomething,Ijustgoandresearchit.That’sexactlytheapproachthatisexpectedwiththesetypesofexams,whichisanotherreasonwhyithelpsthattheexamformatisopenbook,sinceyouaren’tlimitedinwhatyouuse.Anothercrucialpartofthepreparationprocessishavingareallygoodexamindexthathelpsyouspeedthingsup.AppendixChasashortindextemplate,whichshowswhatstructurecanbeveryhelpfulduringtheexam.Youcanaddvariousitemsfromthisbookandanyotherbooksorsourcesyouareusing,inadditiontocommands(liketheonespresentinAppendixA)andtools(listedinAppendixB).IhavemadeeveryefforttoincludealltoolsandcommandspresentinthebookinAppendixesAandB.ThecommandindexincludestheOSthatthecommandworksin,alongwithashortdescriptionofitsuse.Thetoolsindexhasthetoolnames,ashortdescriptionoftheiruse,andaURLwhereyoucandownloadthemfrom.JustkeepinmindthatURLstendtochangeveryfrequently,andthisbookhasalmost300ofthem.Icanassureyouthatatthetimeofwritingallwerefunctional,butsomeofthemareboundtobemovedornotworkingwhenyoutrythemout.Inthosecases,useyourfavoritesearchengine,andyouwilleasilyidentifyaworkingdownloadpage.However,whenyoudothat,takespecialcareofwhereyouaredownloadingtoolsfrombecausenoteverysourcecanbetrusted.ThesameappliesforanywebpagesthatarementionedinAppendixBandmightbehostingmalwareinthefuture.AnyresourceslikethesearenotownedormaintainedbyMcGrawHill,sothere’snowaytoensuretheyremainsecure.Pleaseensureyouonlyaccesswebpageswhenyoufeelcomfortabledoingso.AppendixCprovidesanindicativeindextemplatethatcanbeusedtoprepareyourexamindex.ThinkofitlikeacombinationofAppendixAandAppendixBinadditiontohavinganewsectionforthetermsyouencounterasyoureadthisbookoranyotherrecoursesyouintendtousefortheexam.YoucanuseExceltocreatedifferentsheets(correspondingtoparts1,2,and3ofAppendixC)andthenprinttheminsequenceandbindthemtogether.Ifyouareusingmoreresourcesthanthisbook(which,ofcourse,youaremorethanableto),youcanalwayscreateasmallentryattheendofyourindexand

Loading page image...

representeachresourcewithanumber—forexample,thisbookcouldbenumber1andanotherbookyouareusingcouldbenumber2,andsoon.Thatwillmakenavigatingthroughyourindexreallyeasybecauseinthe“book”columnyoujustspecify1or2insteadoflongtitles.Theimportantthingtounderstandisthateachindexispersonal,sotailorittoyourneeds.Thatmeansputthekeytermsyouneedintheindex,alongwithwhatbookandpagetheyarein,andalwaysaddashortdescription.Thatsavesyoualotoftimebecauseevenifyoudon’tactuallyrememberthetermyoumentionedinyourindex,youcanusethatdescriptiontorefreshyourmemorywithouthavingtogobacktoeachparticularpagethattermisin.Thegoalistosaveyouthehassleofgoingbacktotheactualresourcesmoretimesthanyouneedto.Cheatsheetscanalsohelpsaveyoutime,butyouhavetofindabalancesoyoudon’thavetoomanyresourcesthatmaybeconfusingforyou.Practicemakesperfect.Whichconvenientlybringsmetomynextpoint:practicetests.Thisbookhasacollectionof300onlinetesterquestionsinadditiontoallthequestionsattheendofeachchapter.AlsonotethatwhenyouregisterfortheGCIHexam,GIACprovidesyouwithtwofreepracticetests.That’sreallygreatbecauseCyberLivequestionsareincluded,andthatcangoalongwayinmakingyoufeelateasewiththeexamenvironment.ExamPreparationHintsIhavecompiledthefollowinglistofhintsthatyouneedtoconsiderasyou'reansweringthequestionsinthisbook,aswellaswhentakingtheactualexam:*Beawareofabsolutestatements.Forexample,ifaquestionstates,“WhichofthefollowingcommandsisneverusedinWindows”thenyouhavetobeabsolutelysurethatthiscommandisreallyneverused.However,theeasiestwaytotacklethisistoidentifyascenariothatwouldmakethisstatementfalse.So,ifyoumanagetoidentifyasituationwherethecommandisactuallyused,thenyouautomaticallyinvalidatethatstatementandyouknowit’snotacorrectanswer.«Whenansweringquestionsconsiderwhatyoudon’tknow.It’snotenoughtoidentifyaquestion’scorrectanswer,andyoureallyshouldn’tguesswhenpreparingfortheexam.Identifyingwhyalltheotheroptionsarewrongisequallyimportantbecauseanexamquestion

Loading page image...

mightrelatetothose.Inaddition,alwaysknowthebackgroundoftheanswers.Don’tjustidentifythecorrectoptionandthinkyoukindofknowwhytheothersarewrong.Whenstudying,timeisonyourside.Whentakinganexam,itisn’t.Ifyouinvestmoretimepreparing,youwillneedlesstimetoanswerquestionswhentakingtheexam.«Thinkofexamplesasmuchasyoucan,especiallyfrompracticalexperience.Ifaquestionmentionsforensicimaging,thinkaboutwhattypesofforensicsoftwareyouhaveinyourcompanyinordertomakeassociationsaboutwhatyouarebeingasked.There’sreallynosubstituteforexperience.«Trytoidentifydistractors.Sometimes,afewanswersseemreallywrongorflatoutunsuitableforthecontextofthequestion.Thoseareusuallydistractorsplacedtheretoconfuseyou.Readalltheorycarefullyandtrythetoolsandcommandsbeforeattemptingtoansweranyquestions.Thatwillinstilltheconceptsinyourmindandyouwillhavelesschanceofgettingconfusedbysuchdistractors.*Reviewallpossibleanswersascarefullyasthequestions.Thisisespeciallyimportantwhenthequestionscontainstatementslike“leastpossible,”“mostprobable,”“bestanswer,”“leasteffective,”“lesslikely,”andsimilarones.Thatmeansyouneedtoevaluateallpossibleoptionscarefullysotheappropriateanswercanbeidentified.«Somequestionswillseemvagueormaycontainthingsyouhaveneverheardofbefore.Anefforthasbeenmadetoincludesuchquestionsinthebookinordertosimulatetheconditionsoftheexam.Don’tbeafraidofthesequestions.Trytoreadboththequestionandallanswersascarefullyaspossibleandruleoutwhatyouthinkisnotsuitable.«Scenario-orcommandoutput-relatedquestions.Anyquestionsrelatingtoashortscenarioorcommandoutputwouldrequireyoutoreviewthatclosely.Usually,theanswer,orsomereallygoodhintsaboutit,areincludedinthescenarioorcommandoutput.Reviewthosecarefullybeforeanswering.«Sometimesmorethanoneanswermayseemfitting.Readthequestionandallpossibleanswersagaininordertodistinguishtheonethatistrulycorrect.

Loading page image...

«opkmlck;fqymd,.9d2;qjD,.gjkd.;.....dklwd8uDon’tdwellonwhatyoudon’tknoworcan’tremember.There’snopointinstressingaboutsomethingyoudon’trememberormightnotevenknowwhentakingtheexam.Again,preparationiskey.Trytoreviewanytheoryinadvancesoyouarefamiliarwithallrelatedconcepts.HowtoUseThisBookEachchapterconsistsofthefollowingelements:«Shortchapterintroductionandlearningtopics«In-depthdiscussionaboutalllearningobjectives+End-of-chapterreview*QuestionsandanswersIt’sreallycrucialtotakeyourtimewhenreadingquestions,becausesometimesyouwillgetthemwrongjustbynotpayingenoughattention.Usethehintsprovidedintheprevioussection,anddon’tbeafraidtoreadchaptersmanytimesandreviewquestionsandonlyanswerthemaftercarefulreflection.Usethebook’sonlinecontent(detailedinAppendixD)tomakethebestoutofit,sinceitallowsyoutocreatecustomtestsetsthatyoucanusetopractice.Don’tneglecttopracticethetoolsandthecommandspresentedthroughoutthebook.Theonlywaytosolidifytheconceptsandactuallyusetheminreal-lifeincidentsafterwardsisbytestingeverythingout.Don’tbeafraidifsomethingdoesn’twork.Troubleshootingispartoftheprocess.Everyefforthasbeenmadetocarefullyprovideaccuratecommandoutputsandup-to-datetoolsandcontent,butsometimesthingsdobreak.Varioustipshavebeenplacedthroughoutthebooktofocusyourattentiononparticularitemsthatmayprovevaluable,andcautionmarkershavebeenplacedtohighlightactivitiesthatmayhaveimpact,especiallywhenperformedinproductionsystems.Also,alotofcarehasbeenspentincreatingvariousfiguresandillustrationstoprovideyouwiththebestexperiencepossible.Bymycount,nofewerthan160figuresandillustrationshavebeenusedinthebook,whichwillhopefullyhelpyougetadeepunderstandingoftheassociatedconcepts.Takeparticularnoteofcommandoutputs.Testthetoolsandcommandson

Loading page image...

yourlab.Experimentasmuchasyoucan,changetheparametersandtargets,andusevariousoperatingsystems,ifpossible,togetafullunderstandingofhowallofthemareused.Notethatmostcommandoutputsareeithertrimmedorsplitacrossvariouslinesinordertoaccountforpageconstraints.Lastly,letmewishyouallthebestinyourexamjourney,andIdohopealltheknowledgeaccumulatedinthebookhelpsyoupasstheexam,butmorethanthat,providesyouwithenoughrecoursestobeabletorespondtoliveincidents.Ifyouhaveanyfeedback,pleasedon’thesitatetoprovideit.Wealwaystrytoaccountforanysuggestionsandimprovethecontentaswegoalong.

Preview Mode

This document has 640 pages. Sign in to access the full document!

Report

Study Now!

Document Details

Related Documents

GPEN GIAC Certified Penetration Tester All-in-One Exam Guide (2020)

Company

Explore

Study Tools