Educause Security Discussion mailing list archives

SSNs, rootkits, Incident Response, etc...


From: Gary Golomb <coach () GWU EDU>
Date: Thu, 6 Jul 2006 09:10:41 -0400


Hi there all-

There have been a few threads touching on this over the past few months, so
I figured I'd throw this out to the list...

We have a custom-developed application (not a script/wrapper) that
performs incident response functions, searches for social security
numbers, probes for kernel-level rootkits, searches for trojans commonly
missed by virus scanners, encrypts/uploads reports, etc, etc....

See the attached file for more information. (Hopefully it goes through...
If not, I'll make a follow-up post with more details...)

My questions are:
- Who else has something like this or is using something like it already?
- How much interest would others have in *really* using it?

Thanks in advance. Off list replies are fine with me...

-gary

------
Gary Golomb
Computer Forensics Engineer
ISS/Network Systems Security
801 22nd St NW Rm B204A
Washington, DC 20052

coach () gwu edu
http://home.gwu.edu/~coach


Attachment: SAFE-Intro.pdf