PaulDotCom mailing list archives
Re: Incident Response
From: Craig Freyman <craigfreyman () gmail com>
Date: Fri, 2 Jul 2010 08:36:20 -0600
Most of the time we re-image... From a man-hours perspective, it was always faster and cleaner.

On Thu, Jul 1, 2010 at 4:19 PM, Daniel Holiday <dehaul () gmail com> wrote:
> This brings up a question that I have always asked - can you recover from a machine that has had a virus on it? I have always felt that once a piece of malware has been on the box, the box was no longer able to be trusted and would reimage the box. Asking if the Run and RunOnce entries have been futzered with would not matter to me because I am going to be reimaging the whole box anyway. I would like to know what kind of data made its way out of my network, however. What is the accepted procedure for after you have discovered bad code on a system?
>
> dehaul
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com