Security Incidents mailing list archives
Re: Incident investigation methodologies
From: Harlan Carvey <keydet89 () yahoo com>
Date: Wed, 2 Jun 2004 17:00:30 -0700 (PDT)
Gadi,
> > While it's entirely possible that a rootkit *could* do something, why not base what we do in fact, rather than in speculation, rumor, and paranoia?
>
> What you are suggesting, basically, is an information sharing network for different attack descriptions and information? A forensic dictionary? :)
Admittedly, I may not have been as absolutely clear as I could have, but I really don't see where you were able to infer such a thing - particularly given the title of the post. To try again... what I'm suggesting is a documented, verifiable, repeatable methodology for incident response. I'm aware that the implemented methodology will have to be specific to the platform (i.e., Windows, Linux, *nix, *BSD, etc.). I'm also aware that the framework will have to be flexible enough to allow new information to be incorporated. Hopefully, that's clear enough for a start...