Network Security Hacks, 2nd Edition

by Andrew Lockhart
October 2006
Content level: Intermediate to advanced
478 pages
12h 11m
English
O'Reilly Media, Inc.
Content preview from Network Security Hacks, 2nd Edition

Chapter 12. Recovery and Response

Incident recovery and response is a broad topic, and there are many opinions on the proper methods to use and actions to take once an intrusion has been discovered. Just as the debate rages on regarding vi versus emacs, Linux versus Windows, and BSD versus everything else, there is much debate in the computer forensics crowd on the “clean shutdown” versus “pull the plug” argument. Whole books have been written on recovering from and responding to incidents. There are many things to consider when doing so, and the procedures you should use are far from well defined.

With this in mind, this chapter is not meant to be a guide on what to do when you first discover an incident, but it does show you how to perform tasks that you might decide to undertake in the event of a successful intrusion. By reading this chapter, you will learn how to properly create a filesystem image to use for forensic investigation of an incident, methods for verifying that files on your system haven’t been tampered with, and some ideas on how to quickly track down the owner of an IP address.

Image Mounted Filesystems

Make a bit-for-bit copy of your system’s disk for forensic analysis.

Before you format and reinstall the operating system on a recently compromised machine, you should take the time to make duplicates of all the data stored on the system. Having an exact copy of the contents of the system is not only invaluable for investigating a break-in, but might also be necessary ...


Publisher Resources

ISBN: 0596527632