[Dshield] Interesting Zombie Data Graphs
bs139412 at skynet.be
Fri Nov 11 17:49:44 GMT 2005
On Friday 11 November 2005 18:02, Chris Brenton wrote:
> The way
> the laws are written, just accessing a kiddie porn file that someone
> else parked on your system puts you on the wrong end of the law. Even
> the act of deleting the file can get you in trouble.
You mean "destruction of evidence"? As English is not my native tongue I may
have missed something. Being completly naive is also an option...
Let's say: reading my morning logs, I notice that my system has been
compromised; I take the machine offline, find the vector and jump on my
backups. Then I restore the machine in the last good state, and patch the
system and disable the component involved in the intrusion. I could get in
trouble for that wheather I've checked or not what's the actual content
dropped/hidden on the machine?
In that case I'll change the way I will handle that case if it appen...
> I've personally worked on these cases in the past. Please trust me when
> I say the tolerance is even less than zero (and rightfully so).
I trust you.
More information about the list