Re: Incident investigation methodologies

From: FRCMSEC (FRCMSEC_at_terra.es)
Date: 06/04/04

  • Next message: Maarten Van Horenbeeck: "Re: Incident investigation methodologies"
    To: Harlan Carvey <keydet89@yahoo.com>
    Date: Fri, 04 Jun 2004 07:01:20 +0200
    
    

    1º What you suggest is a modified version of Bugtraq.
    2º People don't have time or don't want to make the effort of writing a
    documented report every time they post a message.

    I don't know which rootkit is capable of doing which things. I only want
    to know if it was a rootkit, if it is in my system and what it has done
    in my system.

    If you want to document your activities, it will be something similar
    to forensics.

    ----- Original Message -----
    From: Harlan Carvey <keydet89@yahoo.com>
    Date: Thursday, June 3, 2004 2:00 am
    Subject: Re: Incident investigation methodologies

    > Gadi,
    >
    > > > While it's entirely possible that a rootkit
    > > *could* do
    > > > something, why not base what we do in fact, rather
    > > > than in speculation, rumor, and paranoia?
    > >
    > > What you are suggesting, basically, is an
    > > information sharing network
    > > for different attack descriptions and information?
    > >
    > > A forensic dictionary? :)
    >
    > Admittedly, I may not have been as absolutely clear as
    > I could have, but I really don't see where you were
    > able to infer such a thing - particularly given the
    > title of the post.
    >
    > To try again...what I'm suggesting is a documented,
    > verifiable, repeatable methodology for incident
    > response. I'm aware that the implemented methodology
    > will have to be specific to the platform (i.e., Windows,
    > Linux, *nix, *BSD, etc). I'm also aware that the
    > framework will have to be flexible enough to allow new
    > information to be incorporated.
    >
    > Hopefully, that's clear enough for a start...
    >


