The Windows Incident Response Blog is dedicated to the myriad information surrounding and inherent to the topics of IR and digital analysis of Windows systems. This blog provides information in support of my books; "Windows Forensic Analysis" (1st thru 4th editions), "Windows Registry Forensics", as well as the book I co-authored with Cory Altheide, "Digital Forensics with Open Source Tools".
Pages
▼
Tuesday, February 15, 2005
Incidents Question, part 2
Speaking of incidents, who out there is doing incident response on Windows systems? Seriously...from some of the lists I read (ie, SecurityFocus), I get the impression that the default behaviour of most admins is to grab a minimal amount of info, post to the lists, and then reinstall the system. Is this really the case?
No comments:
Post a Comment