Re: Incident investigation methodologies

From: FRCMSEC (FRCMSEC_at_terra.es)
Date: 06/04/04

To: Harlan Carvey <keydet89@yahoo.com>
Date: Fri, 04 Jun 2004 07:01:20 +0200


1. What you suggest is a modified version of Bugtraq.
2. People don't have time, or don't want to make the effort, to write a
documented report every time they post a message.

I don't know which rootkit is capable of doing which things. I only want
to know if it was a rootkit, if it is in my system and what it has done
in my system.

If you want to document your activities, it will be something similar
to forensics.

----- Original Message -----
From: Harlan Carvey <keydet89@yahoo.com>
Date: Thursday, June 3, 2004 2:00 am
Subject: Re: Incident investigation methodologies

> Gadi,
>
> > > While it's entirely possible that a rootkit
> > *could* do
> > > something, why not base what we do in fact, rather
> > > than in speculation, rumor, and paranoia?
> >
> > What you are suggesting, basically, is an
> > information sharing network
> > for different attack descriptions and information?
> >
> > A forensic dictionary? :)
>
> Admittedly, I may not have been as absolutely clear as
> I could have, but I really don't see where you were
> able to infer such a thing - particularly given the
> title of the post.
>
> To try again...what I'm suggesting is a documented,
> verifiable, repeatable methodology for incident
> response. I'm aware that the implemented methodology
> will have to be specific to the platform (ie, Windows,
> Linux, *nix, *BSD, etc). I'm also aware that the
> framework will have to be flexible enough to allow new
> information to be incorporated.
>
> Hopefully, that's clear enough for a start...
>