A sample Incident report

  1. #1
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672

    A sample Incident report

    This is a sample Incident Response report that I recently completed. I thought people might be interested in seeing what a report *might* look like. I've cleaned it quite a bit so that I could post it here, so there are some details missing.


    enjoy
    -hog
    Antionline in a nutshell
    \"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"

    Trust your Technolust

  2. #2
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Very Nice Hog..

    I find it kinda humorous that it was on that because that's the exact virus that we're having issues with at the college I work at ... I've identified about 40 variants of the virus so far and have created a custom cleaner for all of them.... I'm still discovering more every day and none of the virus companies are doing anything... Some of them are detecting it but none of them will clean it.. They all recognize it (depending on the vendor) as SpyBot/SDBot/Forbot...

    I'm going to be working on ClamWin Defs for them all weekend.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    HT: Yeah, I actually thought it was funny because I have seen you talking a bit about it elsewhere on the forums... I have to rely on others to submit these things to me since my environment is pretty controlled and we don't see a lot of malware (unless I bring it in purposely).

  4. #4
    BANNED
    Join Date
    Nov 2003
    Location
    Baton Rouge
    Posts
    724
    So how did you get the kid's picture? I know it's probably a minor detail but I'm just curious. And he just left you an easy trail to follow?
    When death sleeps it dreams of you...

  5. #5
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    It was a fairly simple trail to follow in this case, and fun.

  6. #6
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Here's a link for those of you using IE. hog's posted text file isn't IE/Notepad friendly:

    http://www.seeminglyrandom.info/incident-093004.html

    Peace,
    HT

  7. #7
    Cybr1d
    HeadShot Master N1nja
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    HogFly, a couple of tools such as Retina and SSS create really nice reports after the scan is completed. Take a look at those. They're not exactly forensics tools, but they are pretty good vulnerability checkers. I put 'em here for the sake of the reporting, not their intended usage.

    Cybr1d.

  8. #8
    Are there any standards for writing an incident report, or is it just made per incident?

  9. #9
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    Soda: Various agencies and governments have standards for reporting. We have a SOP (standard operating procedure) for reporting of security incidents; in fact, it's a policy. This was a little different than what's defined by our policy though. It all depends on where you work, and how developed a policy/program they have.

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Is this something you would just keep on file, or is it submitted somewhere?
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
