Security Incidents mailing list archives
Re: Incident investigation methodologies
From: FRCMSEC <FRCMSEC () terra es>
Date: Fri, 04 Jun 2004 07:01:20 +0200
1º What you suggest is a modified version of Bugtraq.

2º People don't have time or don't want to make the effort of making a documented report every time they post a message. I don't know what rootkit is capable of doing what things. I only want to know if it was a rootkit, if it is in my system and what it has done in my system. If you want to document your activities, it will be something similar to forensics.

----- Original Message -----
From: Harlan Carvey <keydet89 () yahoo com>
Date: Thursday, June 3, 2004 2:00 am
Subject: Re: Incident investigation methodologies
Gadi,

While it's entirely possible that a rootkit *could* do something, why not base what we do in fact, rather than in speculation, rumor, and paranoia?

What you are suggesting, basically, is an information sharing network for different attack descriptions and information? A forensic dictionary? :)

Admittedly, I may not have been as absolutely clear as I could have, but I really don't see where you were able to infer such a thing - particularly given the title of the post. To try again... what I'm suggesting is a documented, verifiable, repeatable methodology for incident response. I'm aware that the implemented methodology will have to be specific to the platform (i.e., Windows, Linux, *nix, *BSD, etc.). I'm also aware that the framework will have to be flexible enough to allow new information to be incorporated. Hopefully, that's clear enough for a start...