Collecting the Information

You should be aware that what follows is not a detailed method for collecting evidence for submission to a court of law. If you are planning on prosecuting an offender, you should immediately engage a professional forensics company to do proper collection of evidence. Do not attempt to change anything; contact a professional. The law requires very specific steps to gather, store, and transport digital evidence.

Additionally, you may easily miss something that a professional would not. If you have any legal questions regarding this process, consult your attorney, because this book is not offering any legal advice.

For the purposes of this discussion, collecting the information is solely for ensuring that the damage is repaired, and changing processes to prevent attacks in the future.

Logs tell you a lot about what the hacker did or didn't do. Likewise, the absence of logs could indicate the hacker erased them. To do so would require a higher level of privilege than a typical web application break-in.

image Not all problems in an operation are related to security. Some can be related to availability, meaning that the asset (server) was not available, thus impacting the site.

The server (hardware) logs would be of interest to you if you own your own equipment. Today's server equipment can tell you a lot about how the machine is doing. Knowing that a potential ...

Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.