System File Analysis
Monitoring system files such as authentication databases, configuration files, system logs, and system executables for modification or tampering.
How it works
This technique ensures the integrity of system-owned file resources. Because system files govern behavior below the user level, unauthorized modification of them can alter how the whole system operates.
- The volume of file-change data collected for analysis needs to be managed.
- False positives are a concern with this technique, and filtering will need to be given additional thought.
- A baseline or snapshot of file checksums should be established for future comparison.
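One way to implement the baseline-and-compare approach these considerations describe, as an added Python example (not D3FEND's own code); the watch list, file contents and the ignore set for legitimately churning files are constructed for the example:

```python
import hashlib
import os
import tempfile
from pathlib import Path
# Hypothetical watch list, relative to a root directory (constructed for this example).
WATCHED = ["etc/passwd", "etc/ssh/sshd_config", "usr/sbin/sshd", "var/log/auth.log"]

def sha256_of(path):
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root, relpaths=WATCHED):
    """Snapshot the content hash and permission bits of each watched file under root."""
    baseline = {}
    for rel in relpaths:
        p = Path(root) / rel
        baseline[rel] = {"sha256": sha256_of(p), "mode": p.stat().st_mode & 0o7777}
    return baseline

def compare(root, baseline, ignore=frozenset()):
    """Report files whose content or mode differs from the baseline; 'ignore' lists paths that churn legitimately."""
    findings = []
    for rel, expected in baseline.items():
        if rel in ignore:  # e.g. rotating logs: skip to reduce false positives
            continue
        p = Path(root) / rel
        if not p.exists():
            findings.append((rel, "missing"))
        elif sha256_of(p) != expected["sha256"]:
            findings.append((rel, "content_changed"))
        elif (p.stat().st_mode & 0o7777) != expected["mode"]:
            findings.append((rel, "mode_changed"))
    return findings

def demo():
    """Build a throwaway root, baseline it, alter it, and return the sorted findings."""
    with tempfile.TemporaryDirectory() as root:
        for rel in WATCHED:
            (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(root) / rel).write_bytes(b"original " + rel.encode())
        baseline = build_baseline(root)
        (Path(root) / "etc/passwd").write_bytes(b"modified")          # content changed
        os.chmod(Path(root) / "usr/sbin/sshd", 0o444)                 # mode changed, same content
        (Path(root) / "etc/ssh/sshd_config").unlink()                 # missing
        (Path(root) / "var/log/auth.log").write_bytes(b"rotated")     # expected churn, filtered out
        return sorted(compare(root, baseline, ignore={"var/log/auth.log"}))
```

In a real deployment the baseline would be stored off-host (or signed) so that whoever tampers with the files cannot also rewrite the reference checksums.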
There are 2 countermeasure techniques in the System File Analysis category.

| Technique | ID | Definition |
|---|---|---|
| System File Analysis | D3-SFA | Monitoring system files such as authentication databases, configuration files, system logs, and system executables for modification or tampering. |
| - Service Binary Verification | D3-SBV | Analyzing changes in service binary files by comparing to a source of truth. |