A forensic response to an intrusion involves collecting volatile data, which cannot be gathered through the non-intrusive, non-evasive examination of media that applies to static evidence. A great deal of information held in memory, in active network connections and in running processes must be archived before a compromised system is turned off. The following steps and programs will assist you in developing a process to archive that volatile information. Any tool that relies on external commands should be stored on write-protected media and run from there during a response, because rootkits are notorious for subverting command-line tools or changing what they reveal about an attack. The Tools section provides information about many of the tools needed to investigate an incident; review them, make sure you have the latest version, and run them from secure media that you have prepared yourself. The most important action is to preserve everything collected during an incident so that you can later determine whether any processes or connections were unauthorized.
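As an added example that is not part of the original page, the script below turns the procedure above into code: it runs a small collection plan in order of volatility (processes, network connections, logged-in users, kernel modules), names every tool by absolute path on an assumed read-only tool mount (`TRUSTED_BIN`, a placeholder path), records each raw output together with a UTC timestamp, exit code and SHA-256 hash in a manifest, and can later re-verify that the archived outputs are unchanged. The `DEMO_PLAN` is a constructed stand-in that uses the Python interpreter to fake tool output, so the example runs without the tool media and also exercises the missing-tool case.

```python
import hashlib
import json
import os
import subprocess
import sys
import tempfile
from datetime import datetime, timezone

# Assumed mount point of the responder's write-protected tool media
# (placeholder path, not taken from the page).
TRUSTED_BIN = "/mnt/ir-tools/bin"


def trusted(tool, *args):
    """Build an argv that names the tool by absolute path on the trusted media,
    so a subverted copy earlier in the compromised host's PATH is never used."""
    return [os.path.join(TRUSTED_BIN, tool), *args]


# Collection plan, most volatile first.  Tool names and flags are ordinary
# Linux ones; adapt the list for the platform being examined.
DEFAULT_PLAN = [
    ("processes", trusted("ps", "-eo", "pid,ppid,user,lstart,args")),
    ("network_connections", trusted("ss", "-tunap")),
    ("logged_in_users", trusted("who", "-a")),
    ("kernel_modules", trusted("lsmod")),
]

# Constructed stand-in plan so the example runs offline: the interpreter
# prints fake output, and one entry names a tool that does not exist.
DEMO_PLAN = [
    ("processes", [sys.executable, "-c", "print('1 0 root init')"]),
    ("missing_tool", [os.path.join(TRUSTED_BIN, "no-such-tool")]),
]


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def make_output_dir():
    """Fresh directory for one run (in practice: the responder's own media)."""
    return tempfile.mkdtemp(prefix="volatile-")


def run_collection(plan, out_dir):
    """Run every command in the plan, save its raw stdout under out_dir and
    record a manifest entry (argv, UTC start time, exit code, SHA-256)."""
    os.makedirs(out_dir, exist_ok=True)
    # Minimal environment: PATH points only at the trusted media, so any
    # helper a tool spawns is resolved there too.
    clean_env = {"PATH": TRUSTED_BIN, "LANG": "C"}
    manifest = []
    for label, argv in plan:
        started = datetime.now(timezone.utc).isoformat()
        try:
            proc = subprocess.run(argv, capture_output=True, env=clean_env, timeout=60)
            stdout, stderr, rc = proc.stdout, proc.stderr, proc.returncode
        except (OSError, subprocess.TimeoutExpired) as exc:
            # A missing or hung tool is recorded in the manifest, not skipped.
            stdout, stderr, rc = b"", repr(exc).encode(), None
        path = os.path.join(out_dir, label + ".txt")
        with open(path, "wb") as fh:
            fh.write(stdout)
        manifest.append({
            "label": label, "argv": argv, "started_utc": started,
            "return_code": rc, "output_file": path,
            "sha256": sha256_bytes(stdout),
            "stderr": stderr.decode("utf-8", errors="replace"),
        })
    with open(os.path.join(out_dir, "manifest.json"), "w") as fh:
        json.dump(manifest, fh, indent=2)
    return manifest


def verify_collection(out_dir):
    """Re-hash every saved output against the manifest and return the labels
    whose file no longer matches (an empty list means the archive is intact)."""
    with open(os.path.join(out_dir, "manifest.json")) as fh:
        manifest = json.load(fh)
    tampered = []
    for entry in manifest:
        with open(entry["output_file"], "rb") as fh:
            if sha256_bytes(fh.read()) != entry["sha256"]:
                tampered.append(entry["label"])
    return tampered


if __name__ == "__main__":
    out = make_output_dir()
    for entry in run_collection(DEFAULT_PLAN, out):
        print(entry["label"], entry["return_code"], entry["sha256"])
    print("tampered:", verify_collection(out))
```

Two design points carry the weight here: the tools are never resolved through the compromised host's PATH, and a tool that is absent or hangs leaves a manifest entry with a `None` exit code rather than a silent gap, so the archive itself documents what could and could not be collected. The manifest should be copied off the host and its hash recorded separately, since it is what later lets you show the archived outputs were not altered.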
Send mail to info@dataforensicsengineering.com with
questions or comments about this web site.