Setting up for forensics

Wednesday, 30 July 2003, 7:52 PM EST

You have just been hacked! What do you do next? Many experts say to take forensic evidence. However, if you are not prepared to take this evidence, you may be in worse shape than you realize. Following proper evidence-gathering techniques is critical to preserving the scene of the crime. Just watch an episode of CSI and you can see how complex this can get. With computer systems, the same care must be taken.

Assume that any critical system will be hacked. What do you need to do to ensure that you can gather the evidence and quickly determine the damage, method, and motive of the hack? The goal of this article is to create a CD-ROM of forensic tools and databases for use with your systems, and also to outline some methods for collecting forensic evidence from production systems.

Keep in mind that there are many ways to go about this task. When employing any of the techniques and tips covered by this article, first consult your IT department. Preparing for forensics can be a time- and disk-intensive operation. Be aware that security tools themselves may cause issues, and that you should get permission before progressing.

Copyright 1998-2014 by Help Net Security.