Re: Incident investigation methodologies
From: Gadi Evron (ge_at_linuxbox.org)
Date: 06/02/04
- Previous message: Harlan Carvey: "Incident investigation methodologies, update"
- In reply to: Harlan Carvey: "Incident investigation methodologies"
- Next in thread: Harlan Carvey: "Re: Incident investigation methodologies"
- Reply: Harlan Carvey: "Re: Incident investigation methodologies"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 02 Jun 2004 22:26:23 +0200
To: Harlan Carvey <keydet89@yahoo.com>
> While it's entirely possible that a rootkit *could* do
> something, why not base what we do in fact, rather
> than in speculation, rumor, and paranoia?
What you are suggesting, basically, is an information sharing network
for different attack descriptions and information?
A forensic dictionary? :)
Gadi.
--
Email: ge@linuxbox.org.
Work: gadie@cbs.gov.il.
Backup: ge@warp.mx.dk.
Phone: +972-50-428610 (Cell).
PGP key for attachments: http://vapid.reprehensible.net/~ge/Gadi_Evron.asc
ID: 0xD9216A06
FP: 5BB0 D3E2 D3C1 19B7 2104 C0D0 A7B3 1CF7 D921 6A06
GPG key for encrypted email: http://vapid.reprehensible.net/~ge/Gadi_Evron_Emails.asc
ID: 0x06C7D450
FP: 3B88 845A DF1F 4062 E5BA 569A A87E 8DB7 06C7 D450