Suspect system incident verification in incident response
Published in: | Computer Technology Review 2003, Vol.23 (8), p.13 |
---|---|
Format: | Newsletter article |
Language: | English |
Summary: | Hackers are becoming more sophisticated at hiding their tracks, which makes finding what was done to the system very difficult, if not impossible. This article discusses technical incident response and system auditing methods that can help you quickly evaluate the status of a suspected system. Over the years, savvy system administrators have developed two methods to help resolve trust issues: 1. Create cryptographic hashes of important files on the file system. 2. Use a set of known good applications, sometimes referred to as "trusted binaries," run from a CD-ROM or remote disk, to investigate the suspected host. |
ISSN: | 0278-9647 |