Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Simple Windows incident response methodology

From: "Lachniet, Mark" <mlachniet () sequoianet com>
Date: Mon, 14 Jun 2004 10:55:48 -0400
For example, if there is any suspicion of child pornography, we punt it
towards a forensically sound investigation.  If there is financial
fraud, it could go either way (due to fear of negative publicity
out-weighing legal recourse).  If its normal hacking or warez, it
usually fine to just figure out what happened, and move along, since
most law enforcement don't want to mess with it anyway.

It is not a bad idea to have a list of criteria, approved by legal
counsel, as part of your IR plan, but for that matter, legal should be
part of the planning process anyway.

Mark Lachniet 


-----Original Message-----
From: Mike Lyman [mailto:mlyman-security () comcast net] 
The decision to end and an incident as quickly as possible or 
to take legal action was often explicitely spelled out in our 
incident response plans in my previous job



---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_incidents_040614
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: