On Thu, 29 Nov 2001 10:59:48 EST, Darren Welch <WELCHDat_private> said:

> and will follow proper procedure in order to preserve evidence. Does
> anyone know of canned scripts or software that can be installed that will
> set up the above environment and/or written procedures for handling
> logic bombs aside from pulling the plug? Appreciate the help.

Note that for *some* booby traps, "pulling the plug" may be the *wrong*
thing to do, and result in the loss of the evidence. For instance, if an
intruder created a (say) 60Mbyte file, and mounted it under Linux using an
encrypted loopback device, powering down will probably lose the encryption,
and all you are left with is an image of 60 megabytes of encrypted data.
Similarly for any Unix system that allows a /dev/ramdisk or Solaris-style
'tmpfs'.

Also, it might help if you told us what operating system(s) you are
interested in - canned scripts for Solaris won't help if you're trying to
do WinXP. ;)

-- 
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
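Valdis's point above, that RAM-backed and loop-mounted filesystems are gone once the power goes, as an added shell example (not code from the thread or from any of its participants): it reads a /proc/mounts-style table, lists the mount points whose contents would not survive a power-off, and archives each one with a checksum before shutdown. The sample mount table, the directory names and the function names are constructed for illustration; the tmpfs/ramfs and /dev/loopN, /dev/ramN matching is the only heuristic used.

```shell
#!/bin/sh
# Added example, not from the original mailing-list post: find mounts whose
# data lives only in RAM or behind a loop device, and copy them out while the
# box is still up. Run the tools from trusted read-only media, since the
# host's own tar/awk may have been replaced by the intruder.

# Constructed sample of a /proc/mounts table, used when no file is given.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0
none /dev/shm tmpfs rw 0 0
/dev/loop0 /mnt/secret ext2 rw 0 0
swap /tmp tmpfs rw 0 0
/dev/sdb1 /home ext3 rw 0 0'

# Print the mount points that vanish at power-off, one per line.
# Usage: volatile_mounts [mounts-file]    (e.g. volatile_mounts /proc/mounts)
# Fields of /proc/mounts: device mountpoint fstype options dump pass
volatile_mounts() {
    if [ -n "$1" ]; then
        tbl=$(cat "$1")
    else
        tbl="$SAMPLE_MOUNTS"
    fi
    printf '%s\n' "$tbl" | awk '
        # RAM-only filesystems: tmpfs (Linux/Solaris) and ramfs
        $3 == "tmpfs" || $3 == "ramfs" { print $2; next }
        # Loopback or ramdisk-backed mounts: the decrypted view exists only
        # while the device is set up, so capture the mount, not the file
        $1 ~ /^\/dev\/(loop|ram)[0-9]+$/ { print $2 }
    '
}

# Tar each volatile mount point into an evidence directory and log a SHA-1
# of every archive so the copies can be shown to be unchanged later.
# Usage: preserve_volatile <evidence-dir> <mounts-file>
#   e.g. preserve_volatile /mnt/evidence /proc/mounts
preserve_volatile() {
    dest=$1
    shift
    mkdir -p "$dest"
    volatile_mounts "$@" | while IFS= read -r mp; do
        if [ ! -d "$mp" ]; then
            echo "skip $mp: not present on this host" >&2
            continue
        fi
        # Turn "/mnt/secret" into "_mnt_secret" for the archive name.
        name=$(printf '%s' "$mp" | tr '/' '_')
        tar -C "$mp" -cf "$dest/$name.tar" .
        sha1sum "$dest/$name.tar" >> "$dest/SHA1SUMS"
    done
}
```

Tarring a mounted filesystem captures the decrypted contents of a loopback mount and the live contents of a tmpfs, which is exactly what an image of the disk taken after power-off cannot give you. It does not replace a memory dump or a capture of process and network state; those go first, since every command run on the box disturbs them.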
This archive was generated by hypermail 2b30 : Thu Nov 29 2001 - 09:27:56 PST