PaulDotCom mailing list archives
Re: Forensics
From: Michael Lubinski <michael.lubinski () gmail com>
Date: Thu, 28 Apr 2011 14:22:27 -0500
I got quite a chuckle out of a few of them, thanks.

On Thu, Apr 28, 2011 at 2:17 PM, Josh More <jmore () starmind org> wrote:

> I don't think you'll find one. Unless the infected system is set up with an appropriate level of auditing and there are network logs to compare against, the important data will be lost.
>
> Here are some questions. If they say "yes" to any of them, stop asking questions, assume that that's the vector and take corrective action. This will work well for you in something like 90% of these situations and fail catastrophically in the other 10%. Identifying which is which is left as an exercise to the reader. ;)
>
> * Is the user running as a local administrator?
> * Is the system missing the most recent service pack?
> * Is the system missing any security patches?
> * Is the system running an older version of Adobe Reader?
> * Is the system running an older version of Adobe Flash?
> * Is the system running an older version of Oracle (or Sun) Java?
> * Is the system running an older version of Mozilla Firefox, Google Chrome or Opera?
> * Is the system's firewall off?
> * Can you download the files from www.eicar.org?
> * Can you browse to porn sites?
> * Can you browse gambling sites?
> * If you plug in a USB drive with an autorun file on it, does it run?
> * Did the user anger the wrong people on the Internet?
> * Is the user unlucky?
>
> -Josh More
>
> On Thu, Apr 28, 2011 at 1:56 PM, Michael Lubinski <michael.lubinski () gmail com> wrote:
>
>> When people ask me, "how did I get infected?" What would you guys recommend as a good forensics tool to help unmask the avenue of infection?

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
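The host-side questions in the quoted checklist (local admin, patch state, firewall, AutoRun, vulnerable third-party software) can be answered by a short triage script run on the suspect machine. The script below is an added example and is not code from the list thread or from PaulDotCom; it assumes a Windows 8 / Server 2012 or newer host with PowerShell 3 or later (for Get-NetFirewallProfile and Get-CimInstance). It cannot know on its own what "older version" means, so it reports installed versions for you to compare against the vendor's current release, and it uses the age of the newest hotfix as a proxy for "missing security patches". The product-name patterns are constructed for illustration.

```powershell
# Added triage example (not from the original post). Answers several of the
# checklist's yes/no questions for the local host. Run in an elevated prompt
# so HKLM and the firewall profiles are readable.

function Test-LocalAdmin {
    # "Is the user running as a local administrator?"
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-FirewallOffProfiles {
    # "Is the system's firewall off?"  Returns the names of disabled profiles.
    Get-NetFirewallProfile | Where-Object { -not $_.Enabled } |
        Select-Object -ExpandProperty Name
}

function Get-ServicePackLevel {
    # "Is the system missing the most recent service pack?"  Reports what is
    # installed; compare against Microsoft's current level for this OS.
    $os = Get-CimInstance Win32_OperatingSystem
    return '{0} SP{1}' -f $os.Caption, $os.ServicePackMajorVersion
}

function Get-DaysSinceLastHotfix {
    # Proxy for "missing any security patches": a large number here means the
    # host has not received updates for a long time.
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
              Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $latest) { return $null }
    return (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
}

function Get-InstalledVersions {
    # Lists DisplayName/DisplayVersion of installed products whose name matches
    # any of the given wildcard patterns (checked in both 64- and 32-bit views).
    param([string[]]$NamePatterns)
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object {
            $n = $_.DisplayName
            $n -and ($NamePatterns | Where-Object { $n -like $_ })
        } |
        Select-Object DisplayName, DisplayVersion
}

function Test-AutorunNotFullyDisabled {
    # "If you plug in a USB drive with an autorun file on it, does it run?"
    # NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type; a missing
    # value or any other value leaves at least one drive type enabled by policy.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $v = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    return ($null -eq $v) -or ($v -ne 0xFF)
}

# Constructed name patterns for the products the checklist calls out.
$watched = 'Adobe Reader*', 'Adobe Acrobat*', 'Adobe Flash*', 'Java*',
           'Mozilla Firefox*', 'Google Chrome*', 'Opera*'

$report = [ordered]@{
    'Running as local administrator' = Test-LocalAdmin
    'Firewall off on profiles'       = (Get-FirewallOffProfiles) -join ', '
    'OS / service pack'              = Get-ServicePackLevel
    'Days since last hotfix'         = Get-DaysSinceLastHotfix
    'AutoRun not fully disabled'     = Test-AutorunNotFullyDisabled
    'Watched software versions'      = (Get-InstalledVersions -NamePatterns $watched |
                                        ForEach-Object { "$($_.DisplayName) $($_.DisplayVersion)" }) -join '; '
}

$report.GetEnumerator() | ForEach-Object { '{0,-32} {1}' -f $_.Key, $_.Value }
```

A "True" or a non-empty value on any of the first, second or fifth rows is a "yes" in the checklist's sense; the version rows still need a human comparison against current releases. Browsing and download tests (EICAR, web filtering categories) are deliberately left out, since they are policy checks made from a clean workstation rather than queries of the suspect host.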