Security Basics mailing list archives

Re: Steps on how to handle an infected computer (in forensics perspective)


From: lukasz () piatek pl
Date: Tue, 27 Jul 2010 11:50:05 -0600

Hi. I assume you want to get as much evidence as possible. If this is a forever-running machine and it was not restarted 
since the infection took place, it is pretty likely there are still traces in memory. I assume you did not install 
any kernel-mode driver proactively to grab sensitive data this way. You did not mention which OS you have up and 
running there. If it is Vista or later, there is another problem, because you cannot really access memory directly like 
it could have been done on Windows 2000, for instance. The information you provided is very theoretical, so no precise 
answer can be given at this point.

Regards,
Luke Piatek 
