INCIDENT HANDLING & RESPONSE
- White Papers
- Incident Response, by Allaire Corporation
Basic guidelines for handling security-related incidents and network intrusions
- Steps for Recovering from a UNIX or NT System Compromise, by CERT/CC & AusCERT, HTML
This document is being published jointly by the CERT Coordination Center and AusCERT (Australian Computer Emergency Response Team). It describes suggested steps for responding to a UNIX or NT system compromise.
- Computer Emergency Response - An International Problem, by CERT/CC, PDF, 8 pages
This paper addresses the need for international cooperation and suggests methods by which individual computer security response groups can work together internationally to cope with computer security incidents.
- NAS Security Incident Handling Procedures, by NAS, PDF, 8 pages
This document provides some general guidelines and procedures for dealing with computer security incidents.
- Expectations of Computer Security Incident Response, RFC 2350, TEXT
This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.
- Unix Incident Guide: How to Detect an Intrusion, by the CIAC (Computer Incident Advisory Capability) Team
This document contains step-by-step instructions to follow if you are investigating an actual security incident. It can also be used as a tutorial in general techniques for use if an attack occurs.
- Incident Response and Recovery Consulting Service, by Symantec, PDF, 2 pages
This document describes Symantec's incident response and recovery consulting services.
- Tools
- MAC Daddy - MAC Time Collector for forensic incident response.
The idea behind modifying these programs is to allow a first responder to collect MAC times without having to install the full Coroner's Toolkit. In addition, a responder needs something portable that will not write to the evidence itself on the victim system while responding to an intrusion. The tool can also be run to see whether an intrusion has taken place.
Note: "MAC" stands for the Modification, last Access and Creation times.
- RECOVER v1.2 - ext2 filesystem undelete utility.
- Windows NT/2000 Incident Response Tools by John McLeod
The Incident Response Collection Report (IRCR) is similar to The Coroner's Toolkit (TCT) by Dan Farmer & Wietse Venema. This program is a collection of tools that gathers and/or analyzes forensic data on a Microsoft Windows system.
Copyright (c) 2001 HackerProof. All rights reserved.