
Re: Compromised system - still ok?



In article <200502161522.18182.russell@coker.com.au> you wrote:
>>  - for forensics.. use a good cd or build a custom disk
>>  with a lot of fun forensics on it and fiddle till one finds
>>  all the answers :-0
> 
> Make sure that you don't do forensics on the original image.  Investigating 
> the situation may require running fsck etc which changes things.

And talking about forensics: use "script" to generate a complete typescript
of your forensics session.

Greetings
Bernd
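
The two pieces of advice in this thread (work on a copy, not the original image, and record the session with "script"), sketched as an added example that is not part of the original messages. The function names, `evidence.img` and the case directory layout are hypothetical, and `script -a` assumes the util-linux version of script.

```shell
#!/bin/sh
# Added example: file names and the case directory layout are hypothetical.

# Print only the SHA-256 digest of a file.
hash_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Copy the original image into a case directory, verify the copy against the
# original, and record the digest taken at acquisition. Analysis steps that
# modify data (fsck, read-write mounts) are then run on the copy only.
# Prints the path of the working copy.
make_working_copy() {
    orig=$1; casedir=$2
    mkdir -p "$casedir" || return 1
    work="$casedir/working.img"
    orig_sum=$(hash_of "$orig") || return 1
    cp -- "$orig" "$work" || return 1
    work_sum=$(hash_of "$work") || return 1
    if [ "$orig_sum" != "$work_sum" ]; then
        echo "copy does not match original" >&2
        return 1
    fi
    chmod a-w "$orig"   # guard against accidental writes to the original
    printf '%s  %s\n' "$orig_sum" "$orig" > "$casedir/original.sha256"
    printf '%s\n' "$work"
}

# Return 0 if the original still matches the digest recorded at acquisition.
original_unchanged() {
    orig=$1; casedir=$2
    recorded=$(awk '{print $1}' "$casedir/original.sha256")
    [ "$(hash_of "$orig")" = "$recorded" ]
}

# Start a recorded shell: everything typed and printed goes to the typescript.
record_session() {
    casedir=$1
    script -a "$casedir/session-$(date +%Y%m%dT%H%M%S).typescript"
}

# Typical order (not executed here):
#   work=$(make_working_copy evidence.img ./case01)
#   record_session ./case01      # then fsck/mount "$work" inside that shell
#   original_unchanged evidence.img ./case01 && echo "original intact"
```
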


