Security Incidents mailing list archives

Re: diagnose compromise on NT


From: Patrick Andry <pandry () wolverinefreight ca>
Date: Mon, 22 Jul 2002 11:05:20 -0400

Ingersoll, Jared wrote:
Does anyone know of any good tools that can be used on an NT 4.0 box to
(help) diagnose a system compromise? I've been playing around with inzider
with limited results.

Thanks,

Jared

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

What type of system compromise?
Did event log/web logs show any activity?

PsTools from Sysinternals is usually a good set of raw tools to use, but you have to know what you are looking for in order for them to be of any use.

