March 29th, 2003, 06:57 PM
Incident Response Tools
This is a pretty good article from SecurityFocus, the first of a 3-part series on Incident Response for Unix.
This article is the first in a three-part series on tools that are useful during incident response and investigation after a compromise has occurred on an OpenBSD, Linux, or Solaris system. This installment will focus on system tools, the second part will discuss file-system tools, and the concluding article will look at network tools. The information used in these articles is based on OpenBSD 3.2, Debian GNU/Linux 3.0 (woody), RedHat 8.0 (psyche), and Solaris 9 (aka Solaris 2.9 or SunOS 5.9).
It walks through various tools you might use for forensics once a system is compromised and explains a little about the syntax and the use of the output for each tool.
March 29th, 2003, 08:27 PM
Very Very Nice.....
I've spent quite a few years using linux and it showed me a thing or two that I'd never known before.... guess I've never felt the need to follow a process to that extent...
Anyways.. very interesting and definitely a valuable piece of information.
March 30th, 2003, 08:09 AM
Some of the people at Foundstone put out a good book on incident response (Incident Response: Investigating Computer Crime). I've had the opportunity to read it, and it discusses in detail the procedures that should be followed after a break-in. Anyone working in the computer security field should already know the techniques, but for those who are not actively working in the field or just starting out, the book is highly recommended. # ISBN: 0072131829