Skip to content
Log in

Configuration drift

Definition

Deviation from an approved baseline configuration, whether caused by legitimate administrative action or by an attacker modifying settings to weaken defences or enable persistence. Eradication must identify and reverse all attacker-induced configuration drift.

Related terms

Indicator of Compromise (IoC)
An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
Persistence mechanism
The technique malware uses to survive a reboot or user logout. Common methods include registry run keys, scheduled tasks, Windows services, cron...
Reimaging
Wiping a compromised system and restoring it from a known-good operating system image. Reimaging is the most reliable eradication method for host-level...
Rogue account
A user or service account created by the attacker during the intrusion to maintain access independent of any compromised legitimate account. Rogue...
Web shell
A script (typically PHP, ASP, or JSP) placed on a web server by an attacker to provide remote command execution via HTTP...

Explained in

  • Threat Eradication MethodsDeviation from an approved baseline configuration, whether caused by legitimate administrative action or by an attacker modifying settings to weaken defences o...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account