-
June 19th, 2008, 01:01 PM
#11
Yes,
I guess that the professionals found a contaminated forensic environment with no clear division of ownership? Not much you can do there?
I mentioned sleuthkit as anyone with half a brain in IT could have done a much better "forensic" report. But as far as I know this hasn't been done.
True, but we wouldn't have let it happen in the first place? When redeploying you always wipe and reinstall?
-
June 19th, 2008, 01:31 PM
#12
With a proper forensic analysis you should be able to tell if the files were on that disk before or after he got it (file ownership, creation dates etc). You might also be able to tell if it really was caused by the malware or by a person using the machine.
You carefully gather all evidence. Subpoena Google to get those searches? ISP data? You go over the HD with a fine-toothed comb. Order everything chronologically. And if you eliminate all possibilities, whatever is left, however improbable, must be the truth.
But perhaps I've been watching too much CSI.
Oliver's Law:
Experience is something you don't get until just after you need it.
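The chronological ordering described in post #12, as an added example that is not part of the thread or any poster's code: it reads file metadata in The Sleuth Kit 3.x body-file layout, sorts it, and tags each file as first seen before or after a handover date. The sample lines, paths, UIDs and the handover date are constructed placeholders.

```python
from datetime import datetime, timezone

# Constructed sample, The Sleuth Kit 3.x body-file layout:
# MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime
BODY = """\
0|/home/shared/report.doc|1201|r/rrw-r--r--|1001|1001|20480|1199500000|1199400000|1199400000|1199400000
0|/home/shared/cache/img01.jpg|1315|r/rrw-r--r--|1001|1001|51200|1204500000|1204400000|1204400000|1204400000
0|/home/shared/cache/img02.jpg|1316|r/rrw-r--r--|1002|1002|48000|1204600000|1204450000|1204450000|0
0|/home/shared/notes.txt|1402|r/rrw-r--r--|1002|1002|512|1206000000|1205900000|1205900000|1205900000
"""

# Assumption: the machine changed hands at this moment (placeholder date).
HANDOVER = int(datetime(2008, 3, 1, tzinfo=timezone.utc).timestamp())

def parse_body(text):
    """Return one dict per valid body-file line, with a 'first seen' time."""
    entries = []
    for line in text.splitlines():
        try:
            _md5, rest = line.split("|", 1)
            # rsplit keeps file names that themselves contain '|' intact
            name, _ino, _mode, uid, _gid, _size, *times = rest.rsplit("|", 9)
            _atime, mtime, ctime, crtime = (int(t) for t in times)
            uid = int(uid)
        except ValueError:
            continue  # malformed line: wrong field count or non-numeric field
        if crtime > 0:
            first, basis = crtime, "crtime"
        else:
            # No creation time recorded: earliest other stamp is only an estimate
            known = [t for t in (mtime, ctime) if t > 0]
            if not known:
                continue
            first, basis = min(known), "estimate"
        entries.append({"name": name, "uid": uid, "first_seen": first, "basis": basis})
    return entries

def timeline(entries, handover):
    """Order chronologically and tag each entry relative to the handover."""
    rows = []
    for e in sorted(entries, key=lambda e: e["first_seen"]):
        side = "before" if e["first_seen"] < handover else "after"
        rows.append((e["first_seen"], side, e["uid"], e["basis"], e["name"]))
    return rows

if __name__ == "__main__":
    for ts, side, uid, basis, name in timeline(parse_body(BODY), HANDOVER):
        when = datetime.fromtimestamp(ts, timezone.utc).isoformat()
        print(f"{when}  {side:6}  uid={uid}  {basis:8}  {name}")
```

Rows marked "estimate" come from filesystems that record no creation time, and any of these timestamps can be changed by copying or by a tool, so the ordering is one piece of evidence to corroborate rather than a conclusion.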
-
June 19th, 2008, 02:43 PM
#13
Well SD~, maybe rcgreen needs this:
http://zapatopi.net/mindguard/