Forensics CD (was: Re: Strange Folder)

From: Meritt James (meritt_jamesat_private)
Date: Mon Oct 07 2002 - 06:12:09 PDT

    REAL good suggestion!  Any specific recommendations as to what should be
    on the CD?
    
    Jim
    
    Neil Dickey wrote:
    
    > It's a good idea to have a kit of such tools on a read-only
    > CD in advance of an incident like this, so that you have
    > tools you know you can trust -- that haven't been trojanned
    > -- ready to use.  It's rather like the instructions in a
    > snake-bite kit.  You want to be familiar with them *before*
    > Mr. Snake has his way with you.
    
    -- 
    James W. Meritt CISSP, CISA
    Booz | Allen | Hamilton
    phone: (410) 684-6566
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


