Educause Security Discussion mailing list archives
SSNs, rootkits, Incident Response, etc...
From: Gary Golomb <coach () GWU EDU>
Date: Thu, 6 Jul 2006 09:10:41 -0400
Hi there all-

There's been a few threads touching on this over the past few months, so I figured I'd throw this out to the list...

We have a custom-developed application (not a script/wrapper) that performs incident response functions, searches for social security numbers, probes for kernel-level rootkits, searches for trojans commonly missed by virus scanners, encrypts/uploads reports, etc, etc.... See the attached file for more information. (Hopefully it goes through... If not, I'll make a follow-up post with more details...)

My questions are:
- Who else has something like this or is using something like it already?
- How much interest would others have in *really* using it?

Thanks in advance. Off list replies are fine with me...

-gary

------
Gary Golomb
Computer Forensics Engineer
ISS/Network Systems Security
801 22nd St NW Rm B204A
Washington, DC 20052
coach () gwu edu
http://home.gwu.edu/~coach
Attachment:
SAFE-Intro.pdf