Robert Hensing has some nice updates to his blog entitled "Anatomy of...". It's worth taking a look to see what Robert looks for when dealing with incidents.
Robert is a Microsoft employee, and does incident response for customers. One caveat with regards to his blog, though...Robert mentions some things (ie, WOLF, rootkit detection) that he can only mention, and cannot provide details (or copies) of. Even so, he does a great job of walking through some of the things that he looks at with regards to incidents.
No comments:
Post a Comment