Ido, > While catching this person is obviously of importance, > the more critical step to take is to secure the system > for forensic analysis. I would agree that the system needs to be secured, but what good does shutting down the system do if you loose all of the volatile data, such as running processes, network connections, etc? How do you trace the issue back to whomever is responsible if you don't even know what IP address they're coming from, b/c you've lost the volatile data? > I would recommend that the your > client unplug the power from the system (hopefully the > intruder has not setup a logic bomb that triggers if the > network interface goes down). I'm not sure I completely understand your reasoning here. If you unplug the power from the system, and the NIC goes down (due to lack of power), wouldn't the system itself shut off? Wouldn't the hard drive stop spinning and the CPU no longer process instructions? If that's the case...how's a logic bomb going to execute? Thanks, Harlan __________________________________________________ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com top spam and e-mail risk at the gateway. SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. See exactly how much junk never even makes it in the door. Free 30-day trial: http://www.surfcontrol.com/go/zsfptl1
This archive was generated by hypermail 2b30 : Wed Mar 26 2003 - 14:05:44 PST