
List:       debian-security
Subject:    Re: Compromised system - still ok?
From:       Bernd Eckenfels <ecki () lina ! inka ! de>
Date:       2005-02-16 5:22:03
Message-ID: E1D1HdT-0002ZU-00 () calista ! eckenfels ! 6bone ! ka-ip ! net

In article <200502161522.18182.russell@coker.com.au> you wrote:
>>  - for forensics.. use a good cd or build a custom disk
>>  with a lot of fun forensics on it and fiddle till one finds
>>  all the answers :-0
> 
> Make sure that you don't do forensics on the original image.  Investigating 
> the situation may require running fsck etc which changes things.

And talking about forensics: use "script" to generate a complete typescript
of your forensics session.

Greetings
Bernd
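
The two pieces of advice in this message (work on a copy, record the session with "script") combined into one workflow, as an added example that is not part of the original message. The function names, file layout and the use of sha256sum from GNU coreutils are assumptions.

```shell
# Added example: function names and the case-directory layout are hypothetical.
# Assumes GNU coreutils (sha256sum) and the "script" utility.

# make_working_copy ORIGINAL CASEDIR
# Copies the evidence image into CASEDIR, checks the copy against the
# original by SHA-256, records the original's hash, prints the copy's path.
make_working_copy() {
    orig=$1
    casedir=$2
    [ -r "$orig" ] || { echo "cannot read $orig" >&2; return 1; }
    mkdir -p "$casedir" || return 1
    copy="$casedir/$(basename "$orig").work"
    # Refuse to overwrite an earlier working copy.
    if [ -e "$copy" ]; then
        echo "$copy already exists" >&2
        return 1
    fi
    cp -- "$orig" "$copy" || return 1
    h_orig=$(sha256sum < "$orig" | cut -d' ' -f1)
    h_copy=$(sha256sum < "$copy" | cut -d' ' -f1)
    if [ "$h_orig" != "$h_copy" ]; then
        echo "hash mismatch between original and copy" >&2
        rm -f -- "$copy"
        return 1
    fi
    printf '%s  %s\n' "$h_orig" "$(basename "$orig")" > "$casedir/original.sha256"
    printf '%s\n' "$copy"
}

# verify_original ORIGINAL CASEDIR
# Succeeds only if the original still matches the hash recorded earlier,
# i.e. nothing done during the investigation touched it.
verify_original() {
    recorded=$(cut -d' ' -f1 < "$2/original.sha256") || return 1
    current=$(sha256sum < "$1" | cut -d' ' -f1)
    [ "$recorded" = "$current" ]
}

# record_session CASEDIR
# Starts an interactive shell under "script"; everything typed and printed
# is written to a timestamped typescript until the shell exits.
record_session() {
    log="$1/session-$(date -u +%Y%m%dT%H%M%SZ).typescript"
    script "$log"
}
```

Run fsck and other tools that write only against the path printed by make_working_copy, inside the shell started by record_session, and call verify_original when the session ends.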

