
Re: how to find trace of attacks



On Tue, Dec 30, 2008 at 8:24 AM, abdelkader belahcene
<abelahcene@gmail.com> wrote:
> Hi,
> I fear that an attack or an entry in my PC has occurred,  how to find the
> trace of the attacks.

It depends entirely on what the attacker did on your system.  If you
haven't already you should shut down the system (either power it down
or simply pull the cord depending on what school of thought you
subscribe to).  Then take a complete copy of the HDD; now you can
mount the HDD in read-only mode in another computer (one that is
guaranteed to not have been broken into, i.e. a newly installed system
that isn't connected to the internet).  After that you need to start
looking for "abnormal things" e.g. in log files.  Read up on computer
forensics to learn more.

If you aren't under some sort of legal pressure to find out what the
attacker did or have something very valuable stored on your computer I
would simply re-install the entire system.  Any files you save must be
carefully inspected to make sure they haven't been infected in some
way.

/M

-- 
Magnus Therning                        (OpenPGP: 0xAB4DFBA4)
magnus@therning.org          Jabber: magnus@therning.org
http://therning.org/magnus         identi.ca|twitter: magthe
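
Added example, not part of the original message: one way to carry out the "complete copy of the HDD" and read-only mount steps described above on a Linux examination machine, with a hash check that the copy matches the source. The function name, /dev/sdX, image.dd and /mnt/evidence are placeholders chosen for this example; GNU coreutils and util-linux are assumed.

```shell
#!/usr/bin/env bash
# Added example: image a disk, prove the image is bit-identical to the
# source, and only then examine the image (never the original disk).

# image_and_verify SRC DST
#   SRC: block device of the suspect disk (e.g. /dev/sdX) or any file
#   DST: image file to create
#   Returns 0 if the SHA-256 of SRC and DST match, 1 on mismatch,
#   2 if the copy could not be made.
image_and_verify() {
    src=$1
    dst=$2
    if [ ! -r "$src" ]; then echo "cannot read $src" >&2; return 2; fi
    if [ -e "$dst" ]; then echo "refusing to overwrite $dst" >&2; return 2; fi

    # Plain copy; no conv=sync, which would pad the last block and
    # change the hash of the image.
    dd if="$src" of="$dst" bs=1048576 2>/dev/null || return 2

    src_sum=$(sha256sum < "$src" | cut -d' ' -f1)
    dst_sum=$(sha256sum < "$dst" | cut -d' ' -f1)

    # Keep the hash beside the image so it can be re-checked later with
    # "sha256sum -c", and drop write permission on both files.
    printf '%s  %s\n' "$dst_sum" "$(basename "$dst")" > "$dst.sha256"
    chmod a-w "$dst" "$dst.sha256"

    if [ "$src_sum" != "$dst_sum" ]; then
        echo "MISMATCH: source $src_sum, image $dst_sum" >&2
        return 1
    fi
    echo "verified $dst sha256=$dst_sum"
}

# Examining the image afterwards (needs root, so shown as comments):
#   loopdev=$(losetup --find --show --read-only --partscan image.dd)
#   mount -o ro,noexec,nodev,nosuid,noload "${loopdev}p1" /mnt/evidence
# The read-only loop device stops any write reaching the image; "noload"
# additionally tells ext3/ext4 not to replay the journal on mount.

# Run as: ./image.sh /dev/sdX image.dd
if [ "$#" -eq 2 ]; then
    image_and_verify "$1" "$2"
fi
```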
