Security Incidents mailing list archives
RE: Incident investigation methodologies
From: Harlan Carvey <keydet89 () yahoo com>
Date: Mon, 7 Jun 2004 10:51:25 -0700 (PDT)
Steven,
> In the real world, production systems need to go back into production ASAP.
This is exactly my point. In fact, I'm taking it a step further...that production systems cannot be taken down w/o proper justification to do so.
> Frontline support staff simply do not have the time or resource (or often even the knowledge) to conduct lengthy forensic investigations.
Exactly, particularly to the knowledge part of your comment.
> Time = Money, that's a cold, hard fact, and there simply isn't any way around it.
Agreed. This is one of my reasons for starting this thread.