Security Incidents mailing list archives
Re: Incident investigation methodologies
From: Gadi Evron <ge () linuxbox org>
Date: Wed, 02 Jun 2004 22:26:23 +0200
While it's entirely possible that a rootkit *could* do something, why not base what we do in fact, rather than in speculation, rumor, and paranoia?
What you are suggesting, basically, is an information sharing network for different attack descriptions and information?
A forensic dictionary? :)
Gadi.
--
Email: ge () linuxbox org. Work: gadie () cbs gov il. Backup: ge () warp mx dk.
Phone: +972-50-428610 (Cell).
PGP key for attachments: http://vapid.reprehensible.net/~ge/Gadi_Evron.asc
ID: 0xD9216A06 FP: 5BB0 D3E2 D3C1 19B7 2104 C0D0 A7B3 1CF7 D921 6A06
GPG key for encrypted email:
http://vapid.reprehensible.net/~ge/Gadi_Evron_Emails.asc
ID: 0x06C7D450 FP: 3B88 845A DF1F 4062 E5BA 569A A87E 8DB7 06C7 D450
Current thread:
- Re: NKADM rootkit - Something new?, (continued)
- Re: NKADM rootkit - Something new? Valdis . Kletnieks (Jun 01)
- Re: NKADM rootkit - Something new? Harlan Carvey (Jun 02)
- Re: NKADM rootkit - Something new? Valdis . Kletnieks (Jun 01)
- Re: NKADM rootkit - Something new? Harlan Carvey (Jun 01)
- Re: NKADM rootkit - Something new? Gadi Evron (Jun 01)
- RE: NKADM rootkit - Something new? Lachniet, Mark (Jun 01)
- RE: NKADM rootkit - Something new? Levinson, Karl (Jun 01)
- Re: NKADM rootkit - Something new? 'Ansgar -59cobalt- Wiechers' (Jun 01)
- Re: NKADM rootkit - Something new? Harlan Carvey (Jun 02)
- Dead Thread: Re: NKADM rootkit - Something new? Daniel Hanson (Jun 02)
- Incident investigation methodologies Harlan Carvey (Jun 02)
- Re: Incident investigation methodologies Gadi Evron (Jun 02)
- Re: Incident investigation methodologies Harlan Carvey (Jun 03)
- Re: Incident investigation methodologies Ansgar -59cobalt- Wiechers (Jun 04)
- Re: Incident investigation methodologies Paul Schmehl (Jun 04)
- Re: Incident investigation methodologies Jon Coller (Jun 04)
- Re: Incident investigation methodologies Valdis . Kletnieks (Jun 04)
- Re: NKADM rootkit - Something new? 'Ansgar -59cobalt- Wiechers' (Jun 01)
- Re: Incident investigation methodologies Harlan Carvey (Jun 07)
- Re: Incident investigation methodologies Pho Man (Jun 04)
- RE: Incident investigation methodologies James C Slora Jr (Jun 07)
- RE: Incident investigation methodologies Harlan Carvey (Jun 08)
- Re: Incident investigation methodologies James C. Slora Jr. (Jun 08)