[Dshield] Interesting Zombie Data Graphs

MaXX bs139412 at skynet.be
Fri Nov 11 17:49:44 GMT 2005

On Friday 11 November 2005 18:02, Chris Brenton wrote:
> The way
> the laws are written, just accessing a kiddie porn file that someone
> else parked on your system puts you on the wrong end of the law. Even
> the act of deleting the file can get you in trouble.
You mean "destruction of evidence"? As English is not my native tongue I may 
have missed something. Being completly naive is also an option...

Let's say: reading my morning logs, I notice that my system has been 
compromised; I take the machine offline, find the vector and jump on my 
backups. Then I restore the machine in the last good state, and patch the 
system and disable the component involved in the intrusion. I could get in 
trouble for that wheather I've checked or not what's the actual content 
dropped/hidden on the machine?

In that case I'll change the way I will handle that case if it appen...

> I've personally worked on these cases in the past. Please trust me when
> I say the tolerance is even less than zero (and rightfully so).
I trust you.


More information about the list mailing list