Re: Possible forensic issue with grub and RH8.0
From: Anthony D Cennami <acennami(at)metconnect.net>
Date: Fri Jan 10 2003 - 21:52:07 EST

In addition to the other valuable responses to this question, I would like to add this:

You made mention of the possible ramifications and compromise of data integrity this may lead to. Integrity is of the utmost importance in any investigation, particularly on the original evidence. This is why original evidence, particularly hard drives, should _NEVER_ be placed directly into a live machine. Make an initial copy, ideally with a hardware duplication device or dedicated application/Boot CD, and store it safely, using the duplicate for any investigation.

In addition to safe storage, it is also advisable, where possible, to disable write functions on the drive/peripheral (such as hardware r/o jumpers on a hard drive) prior to deploying the device for forensic analysis.

Regards,
Anthony

Hovis Chasteen wrote:

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

Received on Sat Jan 11 20:51:13 2003
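
The copy-first procedure recommended in the message above, as an added example that is not part of the original post: the source is hashed before and after imaging, the image is hashed and write-protected, and the working copy is re-verified before each analysis session. The function names, the `.sha256` sidecar file and the choice of SHA-256 with `dd` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the source is already
# attached behind a hardware write blocker or r/o jumper, as the post advises:
# the before/after hash only detects a change to the source, it cannot prevent one.

# hash_of FILE: print the SHA-256 hex digest of FILE, fail if it cannot be read.
hash_of() {
    out=$(sha256sum "$1") || return 1
    echo "${out%% *}"
}

# acquire_image SRC DEST: copy SRC to DEST and prove the copy is faithful.
# Return codes (hypothetical, chosen for this example):
#   2 unreadable source, 3 image already exists, 4 hashing failed,
#   5 copy failed, 6 source changed during imaging, 7 image differs from source
acquire_image() {
    src=$1; dest=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    if [ -e "$dest" ]; then
        echo "$dest exists, refusing to overwrite" >&2; return 3
    fi
    before=$(hash_of "$src") || return 4
    dd if="$src" of="$dest" bs=64k 2>/dev/null || return 5
    after=$(hash_of "$src") || return 4
    copy=$(hash_of "$dest") || return 4
    [ "$before" = "$after" ] || { echo "source changed during imaging" >&2; return 6; }
    [ "$before" = "$copy" ] || { echo "image does not match source" >&2; return 7; }
    # Record the digest next to the image, then drop write permission on both.
    printf '%s  %s\n' "$copy" "$(basename "$dest")" > "$dest.sha256"
    chmod a-w "$dest" "$dest.sha256"
}

# verify_image DEST: succeed only if DEST still matches its recorded digest.
verify_image() {
    [ -r "$1.sha256" ] || return 2
    read -r want _ < "$1.sha256"
    [ "$(hash_of "$1")" = "$want" ]
}

# Stand-alone use: sh acquire.sh SOURCE IMAGE
if [ "$#" -eq 2 ]; then
    acquire_image "$1" "$2" && echo "image verified: $2"
fi
```

File permissions on the image are only a guard against accidental writes by the analyst; they do not replace the hardware write protection the post recommends for the original.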