20190813_dfirfit_pub.pdf

%'*3'*5Λ΍Δ "OBMZ[JOHJ04)FBMUI%BUB !TZT@TPDLFU

ΞδΣϯμ w ࣗݾ঺հ w %'*3'*5ͱ͸ w J04%BUB"DRVJTJUJPO w J04ϔϧεέΞσʔλ෼ੳ w
͓ΘΓ

ࣗݾ঺հ w ໊લ͚ͦͱ w 5XJUUFS!TZT@TPDLFU w ࢓ࣄ*P5ϖϯςετɺϑΥϨϯδοΫௐࠪͳͲ w #MPHIUUQTTPDLFUPIBUFOBCMPHKQ w
%'*3$IBMMFOHFΛ΍ͬͨΓͯ͠·͢

%'*3'*5

%'*3'*5ͱ͸ w 5XJUUFSɺ*OTUBHSBNͰʮ%'*3'*5ʯݕࡧ w ༗໊ͳւ֎ͷϑΥϨϯδοΧʔͷํ΍%'*3ʹैࣄ͍ͯ͠Δํʑͷ  ϑΟοτωε৘ใ

%'*3'*5ͱ͸

%'*3'*5PS#645

%'*3'*5PS#645 w 4"/4%'*34VNNJUJO"VTUJOͰൃද͞Εͨ w ৄࡉ͸ҎԼ w 1SFTFOUBUJPO%'*3'*5PS#645@"'PSFOTJD&YQMPSBUJPOPGJ04 )FBMUI%BUB 4"/4%'*34VNNJU NBDODPN 
IUUQTXXXNBDODPNCMPHQSFTFOUBUJPOEpSpUPS CVTUBGPSFOTJDFYQMPSBUJPOPGJPTIFBMUIEBUBTBOTEpSTVNNJU

%'*3'*5PS#645 w IUUQTXXXZPVUVCFDPNXBUDI WU-ZK1S3EZ*

J04%BUB"DRVJTJUJPO

J04"DRVJTJUJPO w J1IPOFͷσʔλऔಘͷํ๏͸ओʹͭ w J5VOFT#BDLVQσʔλˡࠓճ͸ओʹ͜ΕΛ࢖༻ w +BJMCSFBL͔Βͷσʔλऔಘ w .PCJMF'PSFOTJDTπʔϧͷ࢖༻

J5VOFT#BDLVQ͔Βͷऔಘɹ w J1IPOFΛJ5VOFTʹ઀ଓɺόοΫΞοϓͰʮ͜ͷίϯϐϡʔλʯΛબ୒  ʮϩʔΧϧͷόοΫΞοϓΛ҉߸Խʯ͢Δ͜ͱͰϔϧεσʔλ΋  όοΫΞοϓ͞ΕΔ       

+BJMCSFBL୺຤͔Βͷσʔλऔಘ w +BJMCSFBLͷख๏ͳͲ͸ׂѪ w +BJMCSFBL୺຤΁44)઀ଓ͕ग़དྷΔ͜ͱલఏ w EEίϚϯυ͕࢖͑Δ͕ɺݖݶपΓͰౖΒΕͯஅ೦ w QSJWBUFWBSԼͷϢʔβྖҬΛ44)ӽ͠ʹऔಘ͢Δ   
TTISPPU!<J1IPOF*1"EESFTT>bUBSDGQSJWBUFWBSbVTFSUBS

J04ͷϔϧεέΞ w J04͔ΒೖͬͨʮϔϧεέΞʯ৘ใͳͲΛ؅ཧ͢Δ  ΞϓϦ w αʔυύʔςΟΞϓϦͱͷ࿈ܞʹΑΓઁऔͨ͠৯ࣄͷ  ৘ใɺਭ຾ͷ৘ใɺϫʔΫΞ΢τͷ৘ใͳͲΛ؅ཧ       
 

J04ͷΞΫςΟϏςΟ w "QQMF8BUDIͰͷϫʔΫΞ΢τ΍αʔυύʔςΟΞϓϦͷΞΫςΟϏςΟ               
 

J04ϔϧεέΞσʔλ GSPNJ5VOFT#BDLVQ w .BDɿ6TFS<6TFSOBNF>-JCSBSZ"QQMJDBUJPO4VQQPSU.PCJMF4ZOD#BDLVQ w 8JOEPXTɿa"QQ%BUBa3PBNJOHa"QQMF$PNQVUFSa.PCJMF4ZODa#BDLVQa

J04ͷϔϧεέΞσʔλ GSPN+BJMCSFBL w QSJWBUFWBSNPCJMF-JCSBSZ)FBMUI w 42-JUF%BUBCBTFͳͷͰී௨ʹʮ%##SPXTFSGPS42-JUFʯͰӾཡՄa w ʮIFBMUIEC@TFDVSFTRMJUFʯ͕ͳ͍ɺTIN XBM͸ଘࡏ͢Δ 
       

J04ϔϧεέΞσʔλ GSPNϔϧεέΞ w ʮϔϧεέΞʯΞϓϦͷΤΫεϙʔτػೳ w 9.-ܗࣜͰ%VNQ͞ΕΔ w FYQPSU@DEBYNM w ॻ͖ग़ͨ͠σʔλYNM
w 9.-ܗࣜͳͷͰ9.-ύʔαͱ͔Ͱ৭ʑͰ͖Δ   

J04ϔϧεέΞσʔλͷղੳ

ݕূ؀ڥ w J1IPOF9 J04 w "QQMF8BUDI4 w
J5VOFT 7FSTJPO

)FBMUI ͷσʔλ w ʮIFBMUIECTRMJUFʯ w σʔλιʔε σόΠεɺΞϓϦέʔγϣϯ ৘ใͳͲɺ؅ཧ৘ใ w ʮIFBMUIEC@TFDVSFTRMJUFʯ
w ओͳϔϧεέΞσʔλɺϫʔΫΞ΢τ౳ͷେྔͷ৘ใ w ʮIFBMUIECTRMJUFʯʹϦϯΫ͞Ε͍ͯΔ

IFBMUI@ECTRMJUF

σʔλιʔε TPVSDF@EFWJDFT w ࠓ·Ͱ࢖༻͍ͯͨ͠σʔλιʔε͕ อଘ͞Ε͍ͯΔ w ιϑτ΢ΣΞߋ৽͝ͱʹ৽ͨʹ  ιʔεσόΠεͱͯ͠ొ࿥͞Ε͍ͯΔ

σʔλιʔε TPVSDFT αʔυύʔςΟͷΞϓϦ͕ιʔεʹͳ͍ͬͯΔ

IFBMUIEC@TFDVSFTRMJUF w ςʔϒϧ͕ݸ΄Ͳ͋Γ݁ߏେ͖͍ w ஫໨ςʔϒϧ w BDUJWJUZ@DBDIFTΞΫςΟϏςΟʹؔ͢Δه࿥ w TBNQMFTEBUF@UZQF͝ͱͷ਺஋ه࿥ w
RVBOUJUZ@TBNQMFTTBNQMFTͷ֤σʔλͷ௥Ճ৘ใ

աڈҰ൪ಈ͍͍ͯͨ೔Λ୳͢ w ʮBDUJWJUZ@DBDIFTʯҠಈڑ཭΍า਺ͳͲͷΞΫςΟϏςΟʹؔ͢Δه࿥

TBNQMFTͷओͳ%BUBUZQFT EBUB@UZQF JE ಺༰ ମॏ ৺ഥ า਺
Ҡಈڑ཭ N ҆੩࣌ফඅΤωϧΪʔ ΞΫςΟϒΤωϧΪʔ ্͕ͬͨ֊਺ ʙ ӫཆૉ

શظؒͷମॏͷ૿ݮΛݟ͍ͨ 56 58 60 62 64 66 68 70 72
2017/3/14 0:00 2017/4/14 0:00 2017/5/14 0:00 2017/6/14 0:00 2017/7/14 0:00 2017/8/14 0:00 2017/9/14 0:00 2017/10/14 0:00 2017/11/14 0:00 2017/12/14 0:00 2018/1/14 0:00 2018/2/14 0:00 2018/3/14 0:00 2018/4/14 0:00 2018/5/14 0:00 2018/6/14 0:00 2018/7/14 0:00 2018/8/14 0:00 2018/9/14 0:00 2018/10/14 0:00 2018/11/14 0:00 2018/12/14 0:00 2019/1/14 0:00 2019/2/14 0:00 2019/3/14 0:00 2019/4/14 0:00 2019/5/14 0:00 2019/6/14 0:00 2019/7/14 0:00 weight EBUF@UZQF͕ʮʯͷσʔλΛTBNQMFT RVBOUJUZ@TBNQMFT͔ΒҾͬுͬͯ͘Δ %#ͷߏ੒͑͞෼͔Ε͹ΞϓϦ্Ͱ͸ग़དྷͳ͍ղੳ͕Մೳ

ऴΘΓͱࢀߟ৘ใ w %'*3'*5͍͖ͯ͠·͠ΐ͏ʂ w ൃలͱͯ͠͸ɺʮ%'*3PS#645ʯͷൃදͰ΋͋ͬͨΑ͏ ʹΞΫςΟϏςΟ৘ใ͔Β࣋ͪओ͕ͦͷ࣌ؒʹԿΛ΍͍ͬͯͨ ͷ͔ͳͲͷߦಈͷਪଌͳͲ͕Մೳʹ  w ࢀߟ৘ใ w
1SBDUJDBM.PCJMF'PSFOTJDT5IJSE&EJUJPO w NBDOIUUQTXXXNBDODPN w J04σόΠεϑΥϨϯδοΫೖ໳  IUUQTPXMJOVYHJUIVCJPCMPHQPTU BO@JOUSPEVDUJPO@PG@JPT@GPSFOTJDT

20190813_dfirfit_pub.pdf

20190813_dfirfit_pub.pdf

socketo

Other Decks in Technology

Featured

Transcript

%'3'5Λ΍Δ "OBMZ[JOHJ04)FBMUI%BUB !TZT@TPDLFU

ΞδΣϯμ w ࣗݾ঺հ w %'3'5ͱ͸ w J04%BUB"DRVJTJUJPO w J04ϔϧεέΞσʔλ෼ੳ w

ࣗݾ঺հ w ໊લ͚ͦͱ w 5XJUUFS!TZT@TPDLFU w ࢓ࣄ*P5ϖϯςετɺϑΥϨϯδοΫௐࠪͳͲ w #MPHIUUQTTPDLFUPIBUFOBCMPHKQ w

%'3'5

%'3'5ͱ͸ w 5XJUUFSɺOTUBHSBNͰʮ%'3'5ʯݕࡧ w ༗໊ͳւ֎ͷϑΥϨϯδοΧʔͷํ΍%'3ʹैࣄ͍ͯ͠Δํʑͷ  ϑΟοτωε৘ใ

%'3'5ͱ͸

%'3'5PS#645

%'3'5PS#645 w 4"/4%'34VNNJUJO"VTUJOͰൃද͞Εͨ w ৄࡉ͸ҎԼ w 1SFTFOUBUJPO%'3'5PS#645@"'PSFOTJD&YQMPSBUJPOPGJ04 )FBMUI%BUB 4"/4%'34VNNJU NBDODPN

%'3'5PS#645 w IUUQTXXXZPVUVCFDPNXBUDI WU-ZK1S3EZ*

J04%BUB"DRVJTJUJPO

J04"DRVJTJUJPO w J1IPOFͷσʔλऔಘͷํ๏͸ओʹͭ w J5VOFT#BDLVQσʔλˡࠓճ͸ओʹ͜ΕΛ࢖༻ w +BJMCSFBL͔Βͷσʔλऔಘ w .PCJMF'PSFOTJDTπʔϧͷ࢖༻

J5VOFT#BDLVQ͔Βͷऔಘɹ w J1IPOFΛJ5VOFTʹ઀ଓɺόοΫΞοϓͰʮ͜ͷίϯϐϡʔλʯΛબ୒  ʮϩʔΧϧͷόοΫΞοϓΛ҉߸Խʯ͢Δ͜ͱͰϔϧεσʔλ΋  όοΫΞοϓ͞ΕΔ

+BJMCSFBL୺຤͔Βͷσʔλऔಘ w +BJMCSFBLͷख๏ͳͲ͸ׂѪ w +BJMCSFBL୺຤΁44)઀ଓ͕ग़དྷΔ͜ͱલఏ w EEίϚϯυ͕࢖͑Δ͕ɺݖݶपΓͰౖΒΕͯஅ೦ w QSJWBUFWBSԼͷϢʔβྖҬΛ44)ӽ͠ʹऔಘ͢Δ

J04ͷϔϧεέΞ w J04͔ΒೖͬͨʮϔϧεέΞʯ৘ใͳͲΛ؅ཧ͢Δ  ΞϓϦ w αʔυύʔςΟΞϓϦͱͷ࿈ܞʹΑΓઁऔͨ͠৯ࣄͷ  ৘ใɺਭ຾ͷ৘ใɺϫʔΫΞ΢τͷ৘ใͳͲΛ؅ཧ

J04ͷΞΫςΟϏςΟ w "QQMF8BUDIͰͷϫʔΫΞ΢τ΍αʔυύʔςΟΞϓϦͷΞΫςΟϏςΟ

J04ϔϧεέΞσʔλ GSPNJ5VOFT#BDLVQ w .BDɿ6TFS<6TFSOBNF>-JCSBSZ"QQMJDBUJPO4VQQPSU.PCJMF4ZOD#BDLVQ w 8JOEPXTɿa"QQ%BUBa3PBNJOHa"QQMF$PNQVUFSa.PCJMF4ZODa#BDLVQa

J04ͷϔϧεέΞσʔλ GSPN+BJMCSFBL w QSJWBUFWBSNPCJMF-JCSBSZ)FBMUI w 42-JUF%BUBCBTFͳͷͰී௨ʹʮ%##SPXTFSGPS42-JUFʯͰӾཡՄa w ʮIFBMUIEC@TFDVSFTRMJUFʯ͕ͳ͍ɺTIN XBM͸ଘࡏ͢Δ

J04ϔϧεέΞσʔλ GSPNϔϧεέΞ w ʮϔϧεέΞʯΞϓϦͷΤΫεϙʔτػೳ w 9.-ܗࣜͰ%VNQ͞ΕΔ w FYQPSU@DEBYNM w ॻ͖ग़ͨ͠σʔλYNM

J04ϔϧεέΞσʔλͷղੳ

ݕূ؀ڥ w J1IPOF9 J04 w "QQMF8BUDI4 w

)FBMUI ͷσʔλ w ʮIFBMUIECTRMJUFʯ w σʔλιʔε σόΠεɺΞϓϦέʔγϣϯ ৘ใͳͲɺ؅ཧ৘ใ w ʮIFBMUIEC@TFDVSFTRMJUFʯ

IFBMUI@ECTRMJUF

σʔλιʔε TPVSDF@EFWJDFT w ࠓ·Ͱ࢖༻͍ͯͨ͠σʔλιʔε͕ อଘ͞Ε͍ͯΔ w ιϑτ΢ΣΞߋ৽͝ͱʹ৽ͨʹ  ιʔεσόΠεͱͯ͠ొ࿥͞Ε͍ͯΔ

σʔλιʔε TPVSDFT αʔυύʔςΟͷΞϓϦ͕ιʔεʹͳ͍ͬͯΔ

IFBMUIEC@TFDVSFTRMJUF w ςʔϒϧ͕ݸ΄Ͳ͋Γ݁ߏେ͖͍ w ஫໨ςʔϒϧ w BDUJWJUZ@DBDIFTΞΫςΟϏςΟʹؔ͢Δه࿥ w TBNQMFTEBUF@UZQF͝ͱͷ਺஋ه࿥ w

աڈҰ൪ಈ͍͍ͯͨ೔Λ୳͢ w ʮBDUJWJUZ@DBDIFTʯҠಈڑ཭΍า਺ͳͲͷΞΫςΟϏςΟʹؔ͢Δه࿥

TBNQMFTͷओͳ%BUBUZQFT EBUB@UZQF JE ಺༰ ମॏ ৺ഥ า਺

શظؒͷମॏͷ૿ݮΛݟ͍ͨ 56 58 60 62 64 66 68 70 72

ऴΘΓͱࢀߟ৘ใ w %'3'5͍͖ͯ͠·͠ΐ͏ʂ w ൃలͱͯ͠͸ɺʮ%'*3PS#645ʯͷൃදͰ΋͋ͬͨΑ͏ ʹΞΫςΟϏςΟ৘ใ͔Β࣋ͪओ͕ͦͷ࣌ؒʹԿΛ΍͍ͬͯͨ ͷ͔ͳͲͷߦಈͷਪଌͳͲ͕Մೳʹ  w ࢀߟ৘ใ w