Incident Handling
Featuring 85 Papers as of June 20, 2013
-
A Practical Social Media Incident Runbook
Trenton Bond - June 20, 2013
In the course of a few short years, social media has clearly become a valuable marketing and communication tool in business strategies.
-
Corporate vs. Product Security
Philip Watson - June 3, 2013
When people hear "I deal with security" from any employee, the typical thought is that they are defending the enterprise, the web servers, the corporate email, and corporate secrets.
-
Event Monitoring and Incident Response
Ryan Boyle - May 15, 2013
System security policies can still have security holes after implementation and may even introduce unintended consequences.
-
Using IOC (Indicators of Compromise) in Malware Forensics
Hun-Ya Lock - April 22, 2013
In the IT operations of an enterprise, malware forensics is often used to support the investigations of incidents.
-
Track 3 - Intrusion Detection In-Depth GIAC Certified Intrusion Analyst (GCIA) Practical Assignment Version 4.0
Jan Stodola - October 19, 2012
Atrix Network Consulting (ANC) is a privately held network security company, mandated with security audit of ABC University network logs.
-
InfiniBand Fabric and Userland Attacks
Aron Warren - October 18, 2012
InfiniBand™ is not a word used much in the hacking community. It is much like the phrase "Apple exploits" was to "Windows exploits" about 5 years ago or so.
-
Incident Handling in the Healthcare Cloud: Liquid Data and the Need for Adaptive Patient Consent Management
Barbara Filkins - October 18, 2012
The increasing use of electronic health record (EHR) systems, health information exchange (HIE) networks, and cloud computing significantly increases the exposure of sensitive medical information to loss of confidentiality, integrity, and availability due to data-related attacks, such as medical identity theft or insider threats (Ponemon Institute, 2011).
-
Shedding Light on Security Incidents Using Network Flows
Kevin Gennuso - May 16, 2012
Incident handlers, and information security teams in general, face significant challenges when dealing with incidents in modern networks.
-
Incident Handler's Handbook
Patrick Kral - February 21, 2012
An incident is a matter of when, not if, a compromise or violation of an organization's security will happen.
-
Quick and Effective Windows System Baselining and Comparative Analysis for Troubleshooting and Incident Response
Kevin Fuller - February 14, 2012
What is a baseline? The primary definition of baseline is that it is a line that is a basis of measurement (Farlex Inc, 2011).
-
Computer Forensic Timeline Analysis with Tapestry
Derek Edwards - November 29, 2011
One question commonly asked of investigators and incident responders is, "What happened?" The answer often takes the form of a story designed to convey understanding of complex mechanisms and interactions in a simple, straightforward way.
-
Identifying Malicious Code Infections Out of Network
Ken Dunham - August 29, 2011
Forensics is a complex subject, where details matter greatly. Even more complicated are investigations where forensic methods are used to further understand, identify, capture, and mature an understanding of a malicious attack that may have taken place on a computer.
-
Responding to Zero Day Threats
Adam Kliarsky - July 20, 2011
The internet has become a pervasive threat vector to organizations of all sizes. As new technologies are adopted to keep pace with business trends, surreptitious sources lurk in the shadows to exploit the weaknesses exposed. Sophisticated, targeted attacks such as Aurora, APT, Stuxnet, and Night Dragon have been making headlines, with goals of monetary gain and intellectual property theft.
-
Creating Your Own SIEM and Incident Response Toolkit Using Open Source Tools
Jonny Sweeny - June 28, 2011
When an information security analyst is investigating incidents, he or she needs to have an organized set of tools.
-
Wireless Networks and the Windows Registry - Just where has your computer been?
Jonathan Risto - May 6, 2011
The Windows Registry stores all of the information that is needed by the host operating system. This database contains all of the configurations, settings and options that are both created initially by the operating system, as well as user configuring settings and installed software.
-
Following Incidents into the Cloud
Jeff Reed - March 1, 2011
The availability and use of cloud computing continues to grow. Discussions of and references to its benefits and issues grow at a similar pace. As it continues to move from a sort of SOA of the Wild West into the mainstream, more companies will face the myriad questions arising from its use. When, why, where and how should integration with the cloud occur? How can one be certain that a cloud provider will survive through an organization's technology integration lifecycle?
-
Wireless Mobile Security
Erik Couture - December 3, 2010
Mobile Security: Current threats and emerging protective measures
-
Grow Your Own Forensic Tools: A Taxonomy of Python Libraries Helpful for Forensic Analysis
T.J. OConnor - September 13, 2010
Forensics tools exist in abundance on the Web. Want to find a tool to dump the Windows SAM database out of volatile memory? Google and you will quickly find out that it exists. Want to mount and examine the contents of an iPhone backup? A tool exists to solve that problem as well. But what happens when a tool does not already exist? Anyone who has recently performed a forensic investigation knows that you are often left with a sense of frustration, knowing data existed if only you had a tool that could access it.
-
Integrating Forensic Investigation Methodology into eDiscovery
Colin Chisholm - September 8, 2010
The intent of this paper is twofold; to provide a primer on the eDiscovery process for forensic analysts and to provide guidance on the application of forensic investigative methodology to said process. Even though security practitioners such as forensic analysts operate in the legal vertical, they necessarily view and approach eDiscovery from a different perspective than legal professionals. This paper proposes that both parties can benefit when they integrate their processes; forensic tools and techniques have been used in the collection, analysis and presentation of evidence in the legal system for years. The history, and precedent, of applying forensic science to the legal process can be leveraged into the eDiscovery process. This paper will also detail how the scope and work for a forensic investigator during the eDiscovery process differs from a typical forensic investigation.
-
Orion Incident Response Live CD
John Jarocki - May 7, 2010
There are many frameworks for incident handling, including the Security Incident Handling Guide from the National Institute of Standards and Technology (NIST) (Scarfone, Grance, & Masone, 2008), (Mandia, Prosise, & Pepe, 2003), and the SANS six-step handling process (Skoudis, 2009). Carnegie Mellon's Software Engineering Institute even provided a study of these and more along with a framework for creating an incident management process tuned for a specific organization (Albert, Dorofee, Killcrece, & Zajicek, 2004). Tools for incident handling and response also exist, but responder tool kits are often built by collecting important tools one at a time until the expert incident handler has a custom set. This makes it difficult to bring in less-experienced incident response team members, and it creates challenges for collaboration during the incident as well as consistent collection and storage of evidence. Some Incident Response environments do exist, but they primarily focus on the analysis process, and do not provide a communication and collaboration framework. Nor do they usually provide a workflow-based environment.
-
Scareware Traversing the World via a Web App Exploit
Mark Hillick - April 19, 2010
This paper will discuss the reasons behind this attack but more importantly, through following the six phases of Incident Handling in the SANS GCIH 504 course, it will provide direction on how such an incident should be handled from both the web-application side and the desktop perspective. This description will highlight how the attack was constructed with great precision and with greater control, resiliency and reliability than many top legitimate companies when they implement their IT solutions.
-
Incident Handling as a Service
Michel Lundell - March 1, 2010
This paper is about providing an incident handling service to companies that focus on their primary business and have limited resources to have an in-house IT security organization.
-
Winquisitor: Windows Information Gathering Tool
Michael Cardosa - January 19, 2010
Winquisitor is a tool that facilitates the timely retrieval of information from multiple Windows systems enabling the administrator to respond in an appropriate amount of time. Unlike other command line tools, Winquisitor allows multiple types of queries in a single command with several output formats.
-
Preventing Incidents with a Hardened Web Browser
Chris Crowley - December 15, 2009
There is substantial industry documentation on web browser security because the web browser is currently a frequently used vector of attack. This paper investigates current literature discussing the threats present in today's environment.
-
Cisco Security Agent and Incident Handling
Greg Farnham - October 1, 2009
An implementation of Cisco Security Agent (CSA) is analyzed and impacts to the incident handling process are identified. In addition, guidance is provided to configure CSA to support the incident handling process.
-
Simple Windows Batch Scripting for Intrusion Discovery
Tim Proffitt - September 29, 2009
Common free tools and automatic batch scripting that can be used to identify an intrusion on a Windows operating system.
-
Mitigating Insider Sabotage
Joseph Garcia - September 28, 2009
How failing to create an effective termination policy and deploy correct user access controls to deter insider threats can be costly.
-
Security Incident Handling in High Availability Environments
Algis Kibirkstis - September 15, 2009
SANS Whitepaper discussing a security incident handling process for high-availability systems.
-
Investigative Tree Models
Rodney Caudle - September 15, 2009
Investigative tree models provide a structured approach to incident handling during incident response. This SANS whitepaper explores definable, reproducible structures to be created facilitating controlled cost exposure during an incident response cycle.
-
Protecting Against Insider Attacks
Brad Ruppert - August 10, 2009
Key factors in enhancing internal security controls and protecting a company from internal attacks. Often the greatest damage can be done by someone already inside these defenses. It is imperative that companies implement internal controls to monitor, detect, and prevent access to sensitive resources to only those individuals that require it to perform their specific job function. The goal of this paper will be to identify high risk areas commonly neglected and to provide some best practice tips to enhance internal security controls.
-
Incident Handlers Guide to SQL Injection Worms
Justin Folkerts - June 18, 2009
This paper seeks to demystify an innovative type of attack known as a SQL Injection Worm.
-
Virtual Rapid Response Systems
Chris Mohan - June 11, 2009
This paper aims to provide organizations with a quick and effective response to IT security breaches at remote locations with a virtual response platform.
-
The SirEG Toolkit
François Bégin - April 23, 2009
This paper provides the reader an overview of the SirEG Toolkit, then discusses the type of data it captures on a suspicious host and more importantly, how that data is captured.
-
A Guide to Encrypted Storage Incident Handling
Wylie Shanks - April 9, 2009
Encrypted storage solutions provide confidentiality of data; however, they have also created a need for effective incident response. Privacy legislation and regulatory compliance mandates are increasingly driving encrypted storage solution deployments. This document provides incident handlers with a few tools and processes in order to respond effectively to incidents involving encrypted storage solutions.
-
Security Incident Handling in Small Organizations
Glenn Kennedy - December 16, 2008
Considerable research has been accomplished, with a focus on the steps necessary to create and organize an Incident Handling Team in large organizations, but the resources required for such a project do not scale down to anything usable by the Small Business community. This paper reviews current best practices in the security community, and proposes a compromise that scales these steps into something workable and acceptable to the SB community. The paper also references SANS checklists to assist the SB owner step through the processes before, during, and after a security incident, along with literature, vendor, and tool resources.
-
Intrusion Detection Likelihood: A Risk-Based Approach
Blake Hartstein - November 5, 2008
The goal of this paper is to highlight the useful aspects of Network Intrusion Detection System (NIDS) and Network Intrusion Prevention System (NIPS).
-
Tips for Making Security Intelligence More Useful
Mason Pokladnik - October 9, 2008
Trends and incidents show us when security is working. When security is failing to meet the organization's intended goal of reducing risk, we have to reevaluate our controls with the benefit of new security intelligence information. Just imagine what improvements could be made if we spent anywhere near the effort investigating the security implications of IT projects as we do the compliance issues.
-
Expanding Response: Deeper Analysis for Incident Handlers
Russ McRee - October 9, 2008
Most incident handlers likely have a toolkit they're fond of that, in all probability, contains tools most handlers are familiar with. It is the intent of this paper to expand common horizons and discuss tools that may not readily appear in a typical toolkit.
-
An approach to the ultimate in-depth security event management framework
Nicolas Pachis - June 23, 2008
"SANS 504: Hacker Techniques, Exploits and Incident Handling" illustrates the six steps to the incident handling process: preparation, identification, containment, eradication, recovery and lessons learned. This incident response system is derived from the SANS booklet, "Computer Security Incident Handling Step by Step: A Survival Guide for Computer Security Incident Handling". The two phases we want to take a look at in this paper are preparation and identification. While the other steps are important for the continuation of the business processes for your group, paying close attention during the preparation and identification phases can speed up your response time to an incident.
-
Mining gold... A primer on incident handling and response
Stacy Jordan - June 23, 2008
Incident handling and response is a key area in the IT security arena. As a part of the GIAC GOLD program, several outstanding papers on the subject have been generated. This paper has collected information from those papers to serve as a basis for future research. Topical areas in the paper include: defining what an incident is, the incident handling process, how to create a computer incident response team, and tools/resources for supporting incident handlers.
-
Creating and Maintaining Policies for Working with Law Enforcement
Tim Proffitt - May 21, 2008
-
Incident Handling for SMEs (Small to Medium Enterprises)
Terry Morreale - May 20, 2008
-
Breach Notification in Incident Handling
Jeffery Buffington - March 4, 2008
This document will provide the IT professional with a general understanding of what "breach notification" is, and demonstrate some of the variety found among the legal requirements for actually conducting notification. In addition, this document will identify some of the tools currently available that may assist an incident handler with determining what data may have actually been exposed, and offer suggested means of conducting the actual notification.
-
Espionage - Utilizing Web 2.0, SSH Tunneling and a Trusted Insider
Ahmed Abdel-Aziz - February 11, 2008
Since the threat trend is moving from a large number of unfocused attacks to fewer, highly targeted and financially motivated attacks [Kinghorn 2007], espionage security incidents are naturally expected to be on the rise. Through the technical report, I hope to demonstrate to the readers an example of how social networking sites that are becoming ever more popular can aid an attacker [Walls 2007], especially in the reconnaissance and exploit stages of the attack. It also highlights the danger of the improper use of the SSH reverse tunneling technique, and how important it is to have a security policy that users are aware of and follow.
-
Baselines and Incident Handling
Chris Christianson - January 29, 2008
Preparation is an important part of the incident handling process (SANS, n.d.); it is the only part of the process that an incident handler can do ahead of time. Preparing well can help an incident handler to identify and respond to an incident more quickly. It can also help him or her to be more efficient throughout the entire incident handling process.
-
Documentation is to Incident Response as an Air Tank is to Scuba Diving
Chet Langin - December 11, 2007
That IP address you just traced may result in a search warrant, an arrest, and court action. Can your documentation justify these actions, and is it ready for scrutiny? Even routine vulnerability scans and bot incidents can have unexpected results. Getting it done right the first time saves effort in the long run, preserves requisite credibility, and can save face, possibly even your job.
-
Multi-Tool DVD Sets: An important addition to the Incident Handler/ Pen Tester's toolkit
Jamal Bandukwala - November 20, 2007
This paper will aid the incident handling and security community by explaining and demonstrating forensically sound processes to create a powerful multi session DVD. This can be customized to contain several of the most popular Linux live CDs and a second DVD/CD that contains other tools that may not be contained on the live multi session DVD.
-
Creating and Managing an Incident Response Team for a Large Company
Timothy Proffitt - July 18, 2007
Using good communication skills, clear policies, professional team members and utilizing training opportunities, a company can run a successful incident response team.
-
An Incident Handling Process for Small and Medium Businesses
Mason Pokladnik - June 18, 2007
This paper's intention is to assist you in getting an incident response capability off the ground in a SMB environment by analyzing some of the constraints of a smaller corporate environment.
-
International Cybercrime Treaty: Looking Beyond Ratification
Daniel Robel - March 28, 2007
For the purposes of this paper, a global incident can be defined as an incident involving the computers, network, or assets of more than one nation-state. An incident implies harm or the attempt to harm. The term incident refers to an adverse event in an information system and/or network or the threat of the occurrence of such an event.
-
Pros and Cons of using Linux and Windows Live CDs in Incident Handling and Forensics
Ricky Smith - February 9, 2007
One of the first steps that an incident handler takes for a potential computer incident is verifying that an incident has actually occurred. As part of the verification process, the incident handler will need to examine the system looking for the evidence of the incident.
-
Secure File Deletion: Fact or Fiction?
John Mallery - January 18, 2007
This paper will deal with how and where some of these files are created and how to securely remove them from a system.
-
Malware 101 - Viruses
Aman Hardikar - June 15, 2006
This paper provides new insights into establishing Incident Handling procedures for dealing with various types of malware. It also aims to give a detailed perspective into the various types of malware or malicious software and their propagation mechanisms.
-
Incident Management 101 Preparation & Initial Response (aka Identification)
Robin Dickerson - January 17, 2005
According to SANS, there are six steps involved in properly handling a computer incident: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. Incident Management 101 provides guidelines, procedures, and tools designed to assist security specialists with the first two phases of Incident Management Preparation and Initial Response (aka Identification phase).
-
Reporting Incidents to an ISP with BlackICE ClearICE Report Utility and the Importance of Submitting Firewall Logs to the Dshield.org Project
Victor Arnaud - March 9, 2004
This practical has two objectives: guide users of BlackICE to report incidents to their ISPs (using ClearICE Report Utility) and show users the importance of submitting firewall logs to the dshield.org project.
-
Implementing a Computer Incident Response Team in a Smaller, Limited Resource Organizational Setting
Mary Hall - October 31, 2003
Development and implementation of a Computer Incident Response Team is a major undertaking in any organization.
-
Windows Responders Guide
Koon Tan - October 31, 2003
This paper provides a first responder guide to handling incidents that occur on a Windows platform system.
-
Building an Incident Response Program To Suit Your Business
Tia Osborne - October 31, 2003
The purpose of this paper is to outline the key concepts of an Incident Response Program (IRP).
-
Developing a Computer Forensics Team
Christine Vecchio-Flaim - October 31, 2003
Efforts to establish sound information assurance programs are rapidly evolving due to increased connectivity, enhanced technology, and the continuous introduction of operating and application systems software.
-
Proposed Conceptual Tools for Managing Cost and Complexity When Securing Networks
Kathleen Howard - October 31, 2003
This paper will describe the cost and complexity issues facing security professionals, outline the desired outcome in facing these issues, and finally will suggest initial proposals for reaching those goals.
-
Identify Intrusions with Microsoft Proxy Server, Web Proxy Service and WinSock Proxy Service Log Fil
Saundra Coward - October 31, 2003
This paper provides a guide on how to identify intrusions using Microsoft's Proxy Server log files.
-
Nailing the Intruder
Vinay Disley - October 31, 2003
This paper is an attempt to link the various aspects of evidence relating to computer crime, the sources of such evidence and some tips on how to identify systems compromised and cull out evidence from the same.
-
Reporting Unauthorized Intrusions: A "How To" Guide
Melton Roland - October 31, 2003
This paper provides a "how to" guide for reporting unauthorized intrusions.
-
The Enemy Within: The Role of the Security Administrator in Apprehending and Terminating the Malicio
Robin Stuart - October 31, 2003
The following information is set forth to generally describe the tools available to security administrators to facilitate the apprehension and participate in the resolution of internal threats to your organization's sensitive or restricted resources.
-
Successful Partnerships for Fighting Computer Crime
Beth Binde - October 31, 2003
Given the wide range of possible criminal activities in the high technology arena, computer security officers need to be prepared to respond to computing incidents that are not only against the local acceptable use policy for computers and networks, but also violate federal, state or local statutes.
-
Information Security: Handling Compromises
Craig Bowser - October 31, 2003
While the corporate sector may not be guarding national secrets, they are protecting valuable information such as trade secrets, financial documents and personal information.
-
Collection and Dissemination of Computer and Internet Security Related Information
Scott Fox - October 31, 2003
Ongoing advances in technology and the growth of the Internet are introducing not only an increase in the number of vulnerabilities being found, but also an increase in the complexity of system administration, incident handling and forensic analysis work.
-
Adventures in Computer Forensics
Diana Michaud - October 31, 2003
Computer forensics is one piece to the investigative puzzle.
-
CodeRed II: Incident Handling Process and Procedures
Michael Goodwin - October 31, 2003
This paper uses the CodeRed II virus as a template to generate questions to help you better prepare for the next virus outbreak.
-
Building a Low Cost Forensics Workstation
Matthew McMillon - October 31, 2003
This paper will outline the fundamentals of computer forensic investigation and then, based on these essentials, create requirements for a low cost forensics workstation for use in electronic investigations.
-
Investigating an Internal Case of Internet Abuse
Mal Wright - October 31, 2003
I was recently required to investigate an incident of Internet abuse and this essay describes the detection, investigation and various tools used to collect the evidence.
-
Computer Incident Response Team
Michelle Borodkin - October 31, 2003
This paper is designed to answer the big questions about Computer Incident Response Teams including: What is a CIRT? Who should be on a CIRT and what function will they serve? And, What steps need to be taken to implement a CIRT?
-
Incident Response and Creating the CSIRT in Corporate America
Chris Thompson - October 31, 2003
The purpose of this document is to discuss implementing a formal incident response organization.
-
An Overview of Disk Imaging Tool in Computer Forensics
Madihah Saudi - October 31, 2003
The objective of this paper is to educate users on disk imaging tools, issues that arise in using disk imaging, offer recommended solutions to these issues, and give examples of disk imaging tools.
-
Combating Computer Crime
Jason Upchurch - October 31, 2003
Computer crime and computer related crimes are growing areas of concern for both law enforcement and businesses alike.
-
Corporate Incident Handling Guidelines
David Theunissen - October 31, 2003
If you are a large multinational corporation without a large security function, this paper will help you approach some of the common problems in preparing incident handling procedures.
-
From Events to Incidents
Charles Pham - October 31, 2003
This paper is an attempt at clarifying "events" and "incidents" for training purposes so that effective filtering can be applied when it comes to reporting an incident.
-
Computer Forensics: Introduction to Incident Response and Investigation of Windows NT/2000
Norman Haase - October 31, 2003
The purpose of this paper is to be an introduction to computer forensics.
-
Computer Forensic Legal Standards and Equipment
Damian Tsoutsouris - October 31, 2003
Computer Incident Response Teams (CIRTs), network security, and intellectual property (IP) security are growing in importance and are becoming many companies' top priority in this age of increased security-conscious commerce.
-
One Incident Of Remediating The CRC 32 sshd1 Vulnerability
Rebecca Sander - October 31, 2003
The purpose of this paper is to document the process I used to respond to the CRC32 sshd1 vulnerability.
-
Deterring Cyber Attacks
Christy Bilardo - October 31, 2003
This paper provides a Strengths, Weaknesses, Opportunities and Threats [SWOT] Analysis to help you analyze three alternatives and recommend the best one to upper management.
-
The Coroner's Toolkit - In depth
Clarke Jeffris - October 31, 2003
This paper describes evidence gathering on a Unix system using 'The Coroner's Toolkit' version 1.09, hereafter referred to as TCT.
-
Computer Forensics - We've Had an Incident, Who Do We Get to Investigate?
Karen Ryder - October 31, 2003
So how does a manager (IT or not) decide how to investigate an incident? This paper's aim is to provide Australian managers with a basis to make this decision by providing an insight into computer forensics and evidence handling, and giving advantages and disadvantages for each option.
-
What You Don't See On Your Hard Drive
Brian Kuepper - October 31, 2003
This paper will address the issue of retrieving data that has been deleted and hidden access and control of your computer, looking at the recent development of rootkits designed for Microsoft Windows operating systems.
-
Forgetting to Lock the Back Door: A Break-in Analysis on a Red Hat Linux 6.2 Machine
Gary Belshaw - October 31, 2003
This document is intended to highlight the steps taken in ascertaining the level of damage done in a network break-in (or hack attack) on our system, and the steps taken in rectifying the damage.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.
