Indicator of compromise (IoC) in computer forensics is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.
Types of indication
Typical IoCs are virus signatures and IP addresses, MD5 hashes of malware files, or URLs or domain names of botnet command and control servers. After IoCs have been identified via a process of incident response and computer forensics, they can be used for early detection of future attack attempts using intrusion detection systems and antivirus software.
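As an added example, not part of the original article: a Python script that checks constructed log lines and a file's MD5 against a constructed IoC set of the kinds listed above (MD5 hash, IP address, command and control domain), including subdomain matching for domain indicators. All indicator values, hostnames and log lines are assumptions made up for the illustration.

```python
import hashlib
import re

# Constructed IoC set for illustration; none of these are real indicators.
SAMPLE_FILE = b"constructed sample file content, not real malware\n"
IOC_SET = {
    "md5": {hashlib.md5(SAMPLE_FILE).hexdigest()},   # hash of the sample above
    "ip": {"203.0.113.45", "198.51.100.7"},          # documentation ranges
    "domain": {"c2.example.net"},                    # hypothetical C2 domain
}
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")

def domain_matches(name, ioc_domains):
    """Return the IoC domain that name equals or is a subdomain of, else None."""
    name = name.lower().rstrip(".")   # normalise case and trailing FQDN dot
    for ioc in ioc_domains:
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None

def scan_log_line(line):
    """Return (ioc_type, value) pairs for every IoC found in one log line."""
    hits = [("ip", ip) for ip in IPV4_RE.findall(line) if ip in IOC_SET["ip"]]
    for host in HOST_RE.findall(line.lower()):
        ioc = domain_matches(host, IOC_SET["domain"])
        if ioc:
            hits.append(("domain", ioc))
    return hits

def scan_logs(lines):
    """Return (line_number, ioc_type, value) for every hit across the lines."""
    return [(n, t, v) for n, line in enumerate(lines, 1)
            for t, v in scan_log_line(line)]

def file_hash_hit(data):
    """Return the MD5 hex digest of data if it is a known IoC, else None."""
    digest = hashlib.md5(data).hexdigest()
    return digest if digest in IOC_SET["md5"] else None

# Constructed proxy, firewall and DNS log lines for the example.
LOG_LINES = [
    "2024-05-01T10:00:00Z proxy CONNECT beacon.c2.example.net:443 from 10.0.0.5",
    "2024-05-01T10:00:05Z fw DENY 10.0.0.7 -> 203.0.113.45:4444",
    "2024-05-01T10:01:00Z dns query www.example.org from 10.0.0.9",
]

if __name__ == "__main__":
    print(scan_logs(LOG_LINES), file_hash_hit(SAMPLE_FILE))
```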
Automation
There are initiatives to standardize the format of IoC descriptors for more efficient automated processing. Known indicators are usually exchanged within the industry, where the Traffic Light Protocol is being used.
See also
* AlienVault
* Mandiant
* Malware
* Malware Information Sharing Platform