© SANS Institute 2000 - 200 5, Author retains full rights. - matus
© SANS Institute 2000 - 200 5, Author retains full rights. - matus
© SANS Institute 2000 - 200 5, Author retains full rights. - matus
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Forensic Analysis of a Compromised Intranet Server2.3Evidence collection phaseKey fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46The process collecting evidence from a machine running theWindows OS is depicted in the following flow-chart:© <strong>SANS</strong> <strong>Institute</strong> <strong><strong>200</strong>0</strong> - <strong>200</strong> 5, <strong>Author</strong> <strong>retains</strong> <strong>full</strong> <strong>rights</strong>.Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46Roberto Obialero© <strong>SANS</strong> <strong>Institute</strong> <strong><strong>200</strong>0</strong> - <strong>200</strong>5 <strong>Author</strong> <strong>retains</strong> 15 <strong>full</strong> <strong>rights</strong>.