Security Basics mailing list archives
Re: Steps on how to handle an infected computers ( in forensics perspective)
From: lukasz () piatek pl
Date: Tue, 27 Jul 2010 11:50:05 -0600
Hi.

I assume you want to get as much evidence as possible. If this is a forever-running machine and it has not been restarted since the infection took place, it is pretty likely there are still traces in memory. I assume you did not proactively install any kernel-mode driver to grab sensitive data this way. You did not mention which OS you have up and running there. If it is Vista or later, there is another problem, because you cannot really access memory directly like it could be done on Windows 2000, for instance. The information you provided is very theoretical, so no precise answer can be given at this point.

Regards,
Luke Piatek