Network Security Incidents

Re: They got me!!!

Subject: Re: They got me!!!
Date: Wed, 5 Apr 2006 23:26:28 -0600
On 4/5/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
<sbradcpa@pacbell.net> wrote:

> Before you do the proper thing and flatten it and reinstall from trusted
> sources..ask yourself your real intrusion points.... if the computer was
> merely "on", "people" should be able to get on the box without
>
> a.  a backdoor implanted on their first probably by your teenagers
> surfing and downloading free software

You should verify this is the way they got in; you can do that by
checking their browsing history and reviewing the event log for newly
installed applications.

Also, if you have the file that is infected, you can check the
creation date, then search for other files modified in that time.

Verify that your files haven't been touched. Scan your critical
docs/apps to see what the last accessed time is and compare that to
the timestamp on the backdoor.

The problem with forensics is that you have to have a plan in hand
when you start the investigation. Performing a full scan with Symantec
will change the last accessed time, and you probably already deleted
the backdoor, so it may be really hard to find out what was done to
your system.

If this is true, you should take only txt files and wipe and reload
the machine. Also try NOD32 rather than Symantec for AV. It is a lot
harder to beat.

-JP
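The timestamp-based triage JP describes (take the backdoor's creation time, then look for other files modified or accessed around it, without letting a scan overwrite the last-accessed times) can be scripted. The following is an added example written for this archive page, not code from the thread or from either poster. The directory tree, file names and timestamps are constructed with os.utime so it runs offline; on a real case you would point timeline() at the evidence volume with the backdoor's own timestamp and a window that fits the incident.

```python
"""Temporal-proximity triage around a suspect file's timestamp.

Added example for the thread above; not code from the original post.
The tree, file names and timestamps below are constructed so the script
runs offline; in practice timeline() is pointed at the real volume.
"""
import os
import tempfile
from datetime import datetime
from pathlib import Path


def timeline(root, reference_ts, window_seconds=3600):
    """Return [(relative_path, kind, epoch_seconds)] for every file whose
    modified or accessed time lies within +/- window_seconds of reference_ts.

    Only os.stat is used: stat() reads the inode and does not update the
    file's access time, whereas opening the content (what an AV scan does)
    may.  Results are sorted by time to give a rough timeline.
    """
    lo = reference_ts - window_seconds
    hi = reference_ts + window_seconds
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                continue  # unreadable entry: skip it rather than abort the sweep
            rel = path.relative_to(root).as_posix()
            for kind, ts in (("modified", st.st_mtime), ("accessed", st.st_atime)):
                if lo <= ts <= hi:
                    hits.append((rel, kind, ts))
    hits.sort(key=lambda h: h[2])
    return hits


def reading_changes_atime(path):
    """Caveat raised in the thread: opening a file can bump its last-accessed
    time.  Whether it does depends on mount options (noatime, relatime), so
    this is a check to run on the evidence volume, not a constant."""
    before = os.stat(path).st_atime
    with open(path, "rb") as fh:
        fh.read()
    return os.stat(path).st_atime != before


def build_sample_tree():
    """Constructed fixture (not real evidence): a temp tree with one
    'backdoor' and three documents.  Returns (root, backdoor_timestamp)."""
    root = tempfile.mkdtemp(prefix="triage_")
    t0 = datetime(2006, 4, 5, 14, 0, 0).timestamp()  # assumed backdoor drop time
    sample = {
        # relative path:               (mtime,            atime)
        "Downloads/free_game.exe":   (t0,               t0),              # the backdoor itself
        "Windows/system32/svc.dll":  (t0 + 120,         t0 + 120),        # dropped two minutes later
        "Documents/budget.xls":      (t0 - 3 * 86400,   t0 + 600),        # old file, read 10 min after
        "Documents/letter.doc":      (t0 - 30 * 86400,  t0 - 2 * 86400),  # untouched around t0
    }
    for rel, (mtime, atime) in sample.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"sample content")
        os.utime(p, (atime, mtime))  # os.utime takes (atime, mtime) in that order
    return root, t0


if __name__ == "__main__":
    root, t0 = build_sample_tree()
    print(f"files touched within 1h of {datetime.fromtimestamp(t0)}:")
    for rel, kind, ts in timeline(root, t0):
        print(f"  {datetime.fromtimestamp(ts)}  {kind:8s}  {rel}")
    probe = Path(root, "Documents/letter.doc")
    print("reading a file changed its atime on this filesystem:", reading_changes_atime(probe))
```

The sweep deliberately calls only os.stat, so running it does not itself disturb the access times it is reporting; reading_changes_atime() is there to confirm, on the specific filesystem, whether a content scan would. The constructed tree shows the two things the thread points at: a second binary dropped minutes after the backdoor, and a document that was not modified but was read shortly afterwards.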
