-
October 1st, 2004, 06:11 AM
#1
A sample Incident report
This is a sample Incident Response report that I recently completed. I thought people might be interested in seeing what a report *might* look like. I've cleaned it quite a bit so that I could post it here, so there are some details missing.
enjoy
-hog
Antionline in a nutshell
"You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"
Trust your Technolust
-
October 1st, 2004, 06:21 AM
#2
Hey Hey,
Very Nice Hog..
I find it kinda humorous that it was on that because that's the exact virus that we're having issues with at the college I work at ... I've identified about 40 variants of the virus so far and have created a custom cleaner for all of them.... I'm still discovering more every day and none of the virus companies are doing anything... Some of them are detecting it but none of them will clean it.. They all recognize it (depending on the vendor) as SpyBot/SDBot/Forbot...
I'm going to be working on ClamWin Defs for them all weekend.
Peace,
HT
-
October 1st, 2004, 06:24 AM
#3
HT: Yeah, I actually thought it was funny because I have seen you talking a bit about it elsewhere on the forums.. I have to rely on others to submit these things to me since my environment is pretty controlled and we don't see a lot of malware (unless I bring it in purposely).
-
October 1st, 2004, 06:30 AM
#4
So how did you get the kid's picture? I know it's probably a minor detail but I'm just curious. And he just left you an easy trail to follow?
When death sleeps it dreams of you...
-
October 1st, 2004, 07:15 AM
#5
It was a fairly simple trail to follow in this case, and fun.
-
October 1st, 2004, 07:16 AM
#6
Hey Hey,
Here's a link for those of you using IE.. hog's posted text file isn't IE/Notepad friendly
http://www.seeminglyrandom.info/incident-093004.html
Peace,
HT
-
October 1st, 2004, 07:18 AM
#7
HogFly, a couple of tools such as Retina and SSS create really nice reports after the scan is completed. Take a look at those. They're not exactly forensics tools, but they are pretty good vulnerability checkers. I put em here for the sake of the reporting, not their intended usage.
Cybr1d.
-
October 1st, 2004, 07:43 AM
#8
Are there any standards for writing an incident report, or is it just made per incident?
-
October 1st, 2004, 07:49 AM
#9
Soda: Various agencies and governments have standards for reporting. We have a SOP (standard operating procedure) for reporting of security incidents; in fact, it's a policy. This was a little different than what's defined by our policy though. It all depends on where you work, and how developed a policy/program they have.
-
October 4th, 2004, 05:30 PM
#10
Is this something you would just keep on file or is it submitted somewhere?
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”