When a critical enterprise server is breached, a well-thought-out incident response plan will help you contain damage, speed up service restoration, and collect forensic information. If you have reason to believe that a system has been compromised, whether because of an intrusion detection alert or because of suspicious activity, the first thing to do is isolate the system before it can do damage. It is most likely dangerous to log into the system and try to do a normal shutdown: the shutdown procedure could have been booby-trapped to cause the system to self-destruct. Likewise, rebooting the system is risky; again, a booby trap could have been inserted. Even logging into the system is unsafe, as trusted programs could have been replaced with malicious Trojans. In fact, a compromised system is never what it seems: a skilled attacker will hide his malware and create the illusion that all is as it should be, when in reality the machine is a zombie. A compromised machine cannot be trusted at all…