Re: Compromised system - still ok?
In article <[🔎] 200502161522.18182.russell@coker.com.au> you wrote:
>> - for forensics.. use a good cd or build a custom disk
>> with with lot of fun forensics on it and fiddle till one finds
>> all the answers :-0
>
> Make sure that you don't do forensics on the original image. Investigating
> the situation may require running fsck etc which changes things.
And talking about forensics: use "script" to generate a complete typescript
of your forensics session.
Greetings
Bernd
Reply to: