Security Incidents mailing list archives
Re: Gathering volatile information
From: Kyle Maxwell <krmaxwell () gmail com>
Date: Wed, 13 Apr 2005 15:22:14 -0500
On 4/13/05, Bob the Builder <builder173 () hotmail com> wrote:
In the Unix environment there seem to be various lists of bits and pieces but no really definitive list of commands related to gathering volatile information that you should and shouldn't run and what types of things they are likely to interfere with. Am I missing something here, does just such a list exist and I'm just not looking in the right place, or is it about time someone set about writing one? I'm not talking about a religious argument on the merits of what stage a machine should be taken offline at, but more what the volatile data gathering options are that are available to you if, as an incident handler, you need them.
Try http://www.cert.org/tech_tips/intruder_detection_checklist.html, that may be what you're looking for.

--
Kyle Maxwell [krmaxwell () gmail com]
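The kind of "what to run, in what order" list the original poster asks for, as an added example that is not part of this thread or of the CERT checklist: a POSIX sh collector that walks the order of volatility (network state, then processes and open files, then sessions, mounts and modules), records which tools were absent instead of aborting, and hashes its own output. It assumes it is run as root from a trusted shell with the output directory on removable or remote storage; it reads from the host but only ever writes to that directory.

```shell
#!/bin/sh
# Added example (not from the thread): order-of-volatility collection.
# Assumes: run as root from a trusted shell, output directory ($1) on
# removable or remote storage. Tools that are absent are logged as missing
# rather than stopping the run; nothing is installed or changed on the host.

collect_volatile() {
    out="$1"
    mkdir -p "$out" || return 1
    log="$out/collection.log"
    # Record who collected, when, and on what host before anything else.
    { date -u; uname -a; id; } > "$out/00_context.txt" 2>&1

    # run_step <label> <command...>: capture output, log status and time.
    run_step() {
        label="$1"; shift
        if command -v "$1" >/dev/null 2>&1; then
            if "$@" > "$out/$label.txt" 2>&1; then
                printf '%s\t%s\tok\n' "$(date -u +%FT%TZ)" "$label" >> "$log"
            else
                printf '%s\t%s\texit:%s\n' "$(date -u +%FT%TZ)" "$label" "$?" >> "$log"
            fi
        else
            printf '%s\t%s\tmissing:%s\n' "$(date -u +%FT%TZ)" "$label" "$1" >> "$log"
        fi
    }

    # Most volatile first: connections change before process lists, which
    # change before sessions, mounts and loaded modules.
    run_step 10_net_ss       ss -tunap
    run_step 11_net_netstat  netstat -tunap
    run_step 12_neighbours   ip neigh
    run_step 20_processes    ps -ef
    run_step 21_open_files   lsof -n -P
    run_step 30_sessions     who -a
    run_step 31_last_logins  last -n 20
    run_step 40_mounts       mount
    run_step 41_uptime       uptime
    run_step 42_modules      lsmod

    # Hash everything written so the collection itself can be shown intact later.
    if command -v sha256sum >/dev/null 2>&1; then
        (cd "$out" && sha256sum *.txt) > "$out/SHA256SUMS"
    fi
    [ -s "$out/00_context.txt" ] && [ -f "$log" ]
}
```

Pair the log with the hashes when handing the directory over; the timestamps show exactly when each view of the system was taken and which commands were unavailable on the host.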