Re: Compromised system - still ok?
In article <firstname.lastname@example.org> you wrote:
>> - for forensics.. use a good cd or build a custom disk
>> with with lot of fun forensics on it and fiddle till one finds
>> all the answers :-0
> Make sure that you don't do forensics on the original image. Investigating
> the situation may require running fsck etc which changes things.
And talking about forensics: use "script" to generate a complete typescript
of your forensics session.