Computer-Forensics

Re: RFC 3227 - Evidence Collection

Date: Wed, 13 Oct 2004 15:59:37 -0400
Victor Hugo Menegotto wrote:
Does anyone know what the phrase "Remove external avenues for change" means?

It's a compact way to say "make sure that the evidence you're collecting cannot get changed by some outside process or entity". The statement is largely common sense. For instance, if you're trying to do forensics on a machine and you suspect the original attacker still has a means of gaining access, pull out the network cable; if for some reason you must leave the machine connected [1], make sure regular users are denied access so as to not have a way of inadvertently tampering with, or destroying, your evidence.


Ivan

[1] I will not belabor here the likely misguidance in making such a decision, unless you've decided to sacrifice the machine and make it a honeypot.
