Chapter 21. Forensics

So, you have gone and made your computer available to the Internet. In fact, it is a lot more available than you ever expected. With all the hackers and malware floating around in cyberspace, it is a wonder nothing happened sooner. Maybe it has, but you never knew it. It has sure happened to me more than once.

Imagine a scenario in which the latest and greatest Microsoft Windows vulnerability goes public. Apparently there are services running on your computer, available to the world, which have a bug allowing anyone or anything with the know-how to take control of your computer. Not even hours after (or maybe weeks before) this news is made public, exploits circulate the Internet to demonstrate how to best take advantage of this new vulnerability. Unfortunately, you were a little late to patch your server and you have a real problem on your hands. First, your server has inexplicably rebooted several times during the course of the night. Then you received a wake-up call at 8 A.M. from your friendly ISP informing you that your monthly bandwidth has been grossly exceeded because of a sudden increase in FTP traffic. Apparently, your tiny corner of the Internet has become the latest distribution center for stolen source code. You have been hacked: pull the plug!

That scenario was just a bit extreme. A far more likely situation is that a worm, taking advantage of the same new vulnerability, has turned your poor workstation into a spam relay or mindless drone in a massive ...
