RE: info

From: dlaumannat_private
Date: Mon May 06 2002 - 14:12:00 PDT


    [snip]
    > - any other recommendations? I'm pretty proficient in Linux, but this is
    > the first time I've run into a hacked box. From my past reading, I know the
    > steps are to try and recover any data not malformed and reinstall. Any
    > other pointers?
    
    You should try to do an offline investigation of the system by getting an
    'image' of the entire drive as soon as possible, then work off of a copy of
    that image. This will allow you to work in a controlled environment and get
    the 'dirty' host back up and running. The Coroner's Toolkit, TASK, EnCase,
    and NTI can help in offline analysis. These tool suites allow you to
    retrieve and view the device image safely and even view deleted data, among
    other things...
    
    http://www.fish.com/tct/
    http://www.atstake.com/research/tools/task/
    
    dd, EnCase, and SafeBack can yield device images.
    
    -dave
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
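
    The imaging step dave describes, worked through as an added shell example
    (this is not code from the original post or from any of the tools it names).
    It images a source with dd, verifies the copy by hash before anything touches
    it, locks the master image read-only, and does the first look on a working
    copy. Because a real disk cannot be used here, `make_fake_device` builds a
    constructed 1 MiB file standing in for something like /dev/sda, with a planted
    passwd-style line and a planted 'deleted' fragment so the offline search has
    something to find; the file names, the string 'ROOTKIT' and the 31337 port are
    all constructed for the example. On a real case the same `dd` invocation is run
    against the device node, from a trusted boot medium, as root.

```shell
#!/bin/sh
# Added example, not from the original post: image a drive with dd, verify the
# image, then work only on a copy. Assumes a POSIX sh with GNU coreutils
# (dd, tr, sha256sum or shasum) available; nothing here needs root because the
# "device" is a constructed file.
set -eu

# Constructed stand-in for a compromised disk: 1 MiB of zeros with a
# passwd-style line at offset 4096 and a planted fragment at offset 512 KiB that
# plays the role of 'deleted' data still present in unallocated space.
make_fake_device() {
    dev="$1"
    dd if=/dev/zero of="$dev" bs=1024 count=1024 2>/dev/null
    printf 'root:x:0:0:root:/root:/bin/bash\n' \
        | dd of="$dev" bs=1 seek=4096 conv=notrunc 2>/dev/null
    printf 'FAKE ROOTKIT CONFIG: port 31337\n' \
        | dd of="$dev" bs=1 seek=524288 conv=notrunc 2>/dev/null
}

# Bit-for-bit image of $1 into $2. conv=noerror,sync keeps going past read
# errors on a failing disk and zero-pads the bad block, so offsets in the image
# stay aligned with the original device.
image_device() {
    src="$1"
    dst="$2"
    dd if="$src" of="$dst" bs=4096 conv=noerror,sync 2>/dev/null
}

# SHA-256 of a file, using whichever tool the host has.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# The image is only evidence if it hashes identically to the source; record
# both hashes in your notes before the dirty host is rebuilt.
verify_image() {
    [ "$(hash_file "$1")" = "$(hash_file "$2")" ]
}

# Count lines containing $2 among the printable runs in raw image $1. This is a
# crude strings(1)-style sweep over the whole device, which is what turns up
# data that is unlinked on the filesystem but still on disk.
count_string() {
    tr -c '[:print:]\n' '\n' < "$1" | grep -c "$2"
}

# Walk the procedure end to end on the constructed device.
work=$(mktemp -d)
make_fake_device "$work/fake_sda"
image_device "$work/fake_sda" "$work/sda.img"
if verify_image "$work/fake_sda" "$work/sda.img"; then
    echo "image verified, sha256 $(hash_file "$work/sda.img")"
else
    echo "image does NOT match source; re-image before doing anything else" >&2
    exit 1
fi
chmod 0444 "$work/sda.img"           # master image: never analysed directly
cp "$work/sda.img" "$work/work.img"  # all analysis happens on this copy
echo "planted fragments found in working copy: $(count_string "$work/work.img" ROOTKIT)"
rm -rf "$work"
```

    On a real image the next step is to mount the working copy read-only before
    running any of the toolkits above, e.g. `mount -o ro,loop,noexec sda.img
    /mnt/evidence` (root required, so it is not run here); the `ro,noexec` flags
    keep you from accidentally modifying the copy or executing anything the
    intruder left on it.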
    



    This archive was generated by hypermail 2b30 : Mon May 06 2002 - 15:19:37 PDT