Checking for Signs of a Compromised System

Here's another useful resource for checking systems for signs that it might have become compromised.

ITPro Today

January 18, 2005

1 Min Read
ITPro Today logo in a gray background | ITPro Today

Yesterday I posted a blog entry about a whitepaper that explains how to gather forensic evidence from a Windows system. I found another useful whitepaper that explains how to check a system for signs of compromise. The whitepaper, "Checking Microsoft Windows® Systems for Signs of Compromise," (available in PDF format) offers a high-level perspective on the basics of system analysis.

As you'll see when you read the whitepaper, the introduction states that, "This guide does not cover the administrative aspects of a compromise, rather it is intended to outline useful tips in finding malware, links to tools for examining the system and define the reasons for undergoing this work.

"This document will deal with basic levels of intrusion analysis, aimed mainly at intrusions on desktop systems, or initial examination of servers. It is not an in depth technical discussion of recovery of mission critical servers. It should also be noted that a number of these tools will change the file system - this will more than likely make the drive inadmissible as evidence. If you think you might want to involve law enforcement, this isn't the guide to read! "

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like