Setting up for forensics

Wednesday, 30 July 2003, 7:52 PM EST

You have just been hacked! What do you do next? Many experts say to take forensic evidence. However, if you are not prepared to take this evidence, you may be in worse shape than you realize. Following proper evidence-gathering techniques is critical to preserving the scene of the crime. Just watch an episode of CSI and you can see how complex this can get. With computer systems, the same care must be taken.

Assume that any critical system will be hacked. What do you need to do to ensure that you can gather the evidence and quickly determine the damage, method, and motive of the hack? The goal of this article is is to create a CD-ROM of forensic tools and databases for use with your systems, and also outline some methods to collect forensic evidence from production systems.

Keep in mind that there are many ways to go about this task. When employing any of the techniques and tips covered by this article, first consult your IT department. Preparing for forensics can be a time- and disk-intensive operation. Be aware that security tools themselves may cause issues, and that you should get permission before progressing.

[ Read more ]

Related items




Spotlight

How GitHub is redefining software development

Posted on 26 January 2015.  |  The security industry is slowly realizing what the developer community knew for years - collaboration is the key to and likely the future of innovation.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Thu, Jan 29th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //