On Tue, Dec 19, 2000 at 10:07:45AM -0500, Bill Vermillion thus spoke:
> On Tue, Dec 19, 2000 at 03:24:15AM -0500, Mike Nowlin thus spoke:
Damn - been one of those days. I looked at the sources to get
Wietse's name spelled right, and copied out the source address but
neglected to include that.
Bad form to follow up your own message - the relevant part is below
for reference. Here are the addresses for the source:
http://www.fish.com/forensics/
http://www.porcupine.org/forensics/
> > With a bit of patience, it's amazing what will show up -- usually,
> > the former contents of /var/log/* will show up as large chunks
> > that are easily read... Turns out I found this guy's IP address
> > and the time the system was blasted - a call to MCI resulted in a
> > small amount of satisfaction...
>
> It's amazing what TCT - The Coroner's Toolkit - will display.
> 'lazarus' causes files to rise from the dead. Used ahead of
> time you can run MD5 on the entire system so you can check
> everything if you believe you've been broken into.
>
> Dan Farmer and Wietse Venema wrote it.
>
> Bill
> --
> Bill Vermillion - bv @ wjv . com
>
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message
>
--
Bill Vermillion - bv @ wjv . com