[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-security
Subject: Re: Compromised system - still ok?
From: Bernd Eckenfels <ecki () lina ! inka ! de>
Date: 2005-02-16 5:22:03
Message-ID: E1D1HdT-0002ZU-00 () calista ! eckenfels ! 6bone ! ka-ip ! net
[Download RAW message or body]
In article <200502161522.18182.russell@coker.com.au> you wrote:
>> - for forensics.. use a good cd or build a custom disk
>> with with lot of fun forensics on it and fiddle till one finds
>> all the answers :-0
>
> Make sure that you don't do forensics on the original image. Investigating
> the situation may require running fsck etc which changes things.
And talking about forensics: use "script" to generate a complete typescript
of your forensics session.
Greetings
Bernd
--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic