Incident Response Tools

  1. #1
    AO Security for Non-Geeks tonybradley
    Join Date
    Aug 2002

    Incident Response Tools

    This article is the first in a three-part series on tools that are useful during incident response and investigation after a compromise has occurred on an OpenBSD, Linux, or Solaris system. This installment will focus on system tools, the second part will discuss file-system tools, and the concluding article will look at network tools. The information used in these articles is based on OpenBSD 3.2, Debian GNU/Linux 3.0 (woody), RedHat 8.0 (psyche), and Solaris 9 (aka Solaris 2.9 or SunOS 5.9).

    This is a pretty good article from SecurityFocus, the first of a 3-part series on Incident Response for Unix.

    It walks through various tools you might use for forensics once a system is compromised and explains a little about the syntax and the use of the output for each tool.

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Very Very Nice.....

    I've spent quite a few years using Linux and it showed me a thing or two that I'd never known before.... guess I've never felt the need to follow a process to that extent...

    Anyways.. very interesting and definitely a valuable piece of information.

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Some of the people at Foundstone put out a good book on incident response (Incident Response: Investigating Computer Crime). I've had the opportunity to read it and it discusses in detail the procedures that should be followed after a break-in. Anyone working in the computer security field should already know the techniques, but for those who are not actively working in the field or just starting out, the book is highly recommended. ISBN: 0072131829
