Security Incidents mailing list archives

Forensics CD (was: Re: Strange Folder

From: "Meritt James" <meritt_james () bah com>
Date: Mon, 07 Oct 2002 09:12:09 -0400

REAL good suggestion!  Any specific recommendations as to what should be
on the CD?

Jim

Neil Dickey wrote:

It's a good idea to have a kit of such tools on a read-only
CD in advance of an incident like this, so that you have
tools you know you can trust -- that haven't been trojanned
-- ready to use.  It's rather like the instructions in a
snake-bite kit.  You want to be familiar with them *before*
Mr. Snake has his way with you.


-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Strange Folder discipulus (Oct 05)
- Re: Strange Folder Nick Jacobsen (Oct 06)
  - Message not available
    - Re: Strange Folder discipulus (Oct 06)
    - Re: Strange Folder Midkaemia (Oct 06)
    - Re: Strange Folder discipulus (Oct 07)
- Re: Strange Folder P.P. Lodder (Oct 06)
- Re: Strange Folder Hiroaki Kondo (Oct 07)
- <Possible follow-ups>
- Re: Strange Folder discipulus (Oct 06)
- Re: Strange Folder Neil Dickey (Oct 06)
  - Re: Strange Folder discipulus (Oct 06)
  - Forensics CD (was: Re: Strange Folder Meritt James (Oct 07)
    - Re: Forensics CD (was: Re: Strange Folder Chet Uber (Oct 08)
    - Re: Forensics CD (was: Re: Strange Folder Ryan McBride (Oct 08)