Security Incidents mailing list archives
Re: diagnose compromise on NT
From: Patrick Andry <pandry () wolverinefreight ca>
Date: Mon, 22 Jul 2002 11:05:20 -0400
Ingersoll, Jared wrote:
Does anyone know of any good tools that can be used on an NT 4.0 box to (help) diagnose a system compromise? I've been playing around with inzider with limited results. Thanks, Jared ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
What type of system compromise? Did event log/web logs show any activity?PStools from sysinternals is usually a good set of raw tools to use, but you have to know what you are looking for in order for them to be of any use.
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- diagnose compromise on NT Ingersoll, Jared (Jul 22)
- Re: diagnose compromise on NT Patrick Andry (Jul 22)
- Re: diagnose compromise on NT H C (Jul 22)
- <Possible follow-ups>
- RE: diagnose compromise on NT Hornat, Charles (Jul 22)