> I wouldn't call someone ignorant because they didn't know about a particular process.
Really? Well, I guess it's a matter of semantics.
Ex: When looking at the 'russiantopz' bot, I first received notification that this bit of malware had been "found" on an IIS server…the dir traversal exploit was used (yes, this was a while ago). While the admin on the machine claimed that a rootkit was used, the malware itself was running as "statistics.exe". Even pointing to the listing visible in the Task Manager did nothing whatsoever to clue the admin into what was going on.
When I've taught my IR course, I've watched while admins have opened Task Manager to see what processes are running. Unfortunately, this doesn't provide sufficient information to highlight what is "suspicious" or "unusual"…nor does pslist.exe. You need to see where the executable image "lives" within the file system, and what command line was used to launch the process.
Is it ignorant not to know? No…none of us know everything. Is it ignorant to not *want* to know?
Harlan
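The two details named in the post above, image path and launch command line, can be listed per process through the WMI `Win32_Process` class. The following is an added example, not part of the original thread; the list of "expected" directories is an assumption to adjust for the host being examined.

```powershell
# Added example: list each process with its image path and command line,
# the two fields the post says Task Manager and pslist.exe do not show.
# Run elevated; otherwise some processes return empty path/command line.

# Assumption: directories where executables normally live on this host.
$expectedRoots = @(
    $env:SystemRoot,
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

$report = Get-CimInstance -ClassName Win32_Process | ForEach-Object {
    $path = $_.ExecutablePath
    $note = ''
    if (-not $path) {
        # Typical for protected/system processes or when access is denied.
        $note = 'no image path returned'
    }
    else {
        $inExpected = $false
        foreach ($root in $expectedRoots) {
            if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                $inExpected = $true
                break
            }
        }
        if (-not $inExpected) { $note = 'image outside expected directories' }
    }
    [pscustomobject]@{
        ProcessId   = $_.ProcessId
        ParentId    = $_.ParentProcessId
        Name        = $_.Name
        ImagePath   = $path
        CommandLine = $_.CommandLine
        Note        = $note
    }
}

# Rows carrying a note sort first, then by process name.
$report |
    Sort-Object @{ Expression = { [string]::IsNullOrEmpty($_.Note) } }, Name |
    Format-List ProcessId, ParentId, Name, ImagePath, CommandLine, Note
```

A row without a note is not cleared by this listing; the note only orders the output, and the path and command line still need to be read for each process.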
Ignorance is a lack of knowledge, or a wilful lack of desire to improve the efficiency, merit, effectiveness or usefulness of one's actions. Therefore, without wishing to turn this debate into a trivial argument over meaning, it is both ignorant not to know something and to be disinterested in knowing something. And in relation to those who don’t want to know then it would seem they’re in the wrong line of employment.
Are we here to help those who are ignorant succeed or fail? The choice is ours.
Being too judgemental and harsh towards other members and visitors is only going to hurt the forum and the community.
Since ignorance is indeed bliss, but willful ignorance is unheard of, what is the intellectual to do?
There is a right and a wrong way to help people out.
Correcting someone who misspelled a word is not the way to do it. Calling someone ignorant because they didn't know about a process that he did is not the way.
Just to clarify my stand point. I do not consider myself to be superior to anyone within this forum. When I used the term ignorant or ignorance in my earlier posts I was not making disparaging remarks about anyone's standard of education or intellect, and didn't mean for it to be interpreted negatively. I was simply using it as a mechanism to describe a lack of computer forensics or computer security knowledge, either in general or in part.
Are we here to help those who are ignorant succeed or fail? Succeed, that's what this forum is about and where I have received advice to overcome my own ignorance at times. And I certainly wouldn't want to damage the forum or the community.
Not you Rabbit
Then who?
Harlan
Clarification
My post was not directed at anyone specific and especially not fatrabbit.
It was just my opinion.
Clarification
Busting someone's chops for not knowing something is not the right way to handle it. However, if that person refuses to (a) accept that they don't know it, (b) accept that they need to know it, and (c) at least make the attempt to learn, then what's a fella to do?
Harlan
Recently at the Techno Forensics 2005 conference Chris Taylor did a presentation on NTFS and FAT forensics using WinHex. He clearly demonstrated how valuable it is to master the fundamentals of a file system you are examining. I clearly saw how an automated/tailored tool would have missed/ignored certain artifacts of a file.
I spoke with Jack Wiles of The Training Co. and he said it was OK to post this link http//
There you will find some of the presentations given at the Techno Forensics Conference last November.