SANS Digital Forensics and Incident Response Blog: Tag - sorter

You will be hacked, will you be prepared?

"Hope for the best, prepare for the worst." — English proverb

"Before anything else, preparation is the key to success." — Alexander Graham Bell

Forensic analysts and the organizations employing them can simplify and expedite the forensic analysis process with preparation. If you accept that system compromise is a matter of when, not if, then prepare your systems in advance for forensic analysis.

Before moving systems into production, grab a copy of Jesse Kornblum's MD5Deep from http://md5deep.sourceforge.net and create MD5 checksums of all the files on the system. Have your desktop folks incorporate this into their image building process. If you're really diligent, update your hashes after applying patches.
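The following is an added example, not code from the original post and not part of md5deep: a Python version of the same baseline idea that also goes one step past the paragraph by comparing a later scan against the baseline to list new, changed and missing files. The function names (`hash_file`, `build_baseline`, `compare`, `demo`) and the sample file tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def hash_file(path, chunk=1 << 20):
    """MD5 of one file, read in chunks so large files do not fill memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root):
    """Map relative path -> MD5 for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline

def compare(baseline, current):
    """Report files that are new, changed or missing relative to the baseline."""
    return {
        "new": sorted(p for p in current if p not in baseline),
        "changed": sorted(p for p in current
                          if p in baseline and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed sample tree: baseline it, alter it, compare again."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        def write(rel, data):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        for rel, data in (("bin/ls", b"ls v1"), ("bin/ps", b"ps v1"), ("hosts", b"127.0.0.1")):
            write(rel, data)
        baseline = build_baseline(root)      # taken before production
        write("bin/ps", b"ps v2")            # content changed after baseline
        write("bin/extra", b"unknown")       # file not present at baseline
        os.remove(os.path.join(root, "hosts"))
        return compare(baseline, build_baseline(root))

if __name__ == "__main__":
    print(demo())
```

Store the baseline somewhere other than the system it describes, and rebuild it after patching so that legitimate patch changes do not appear in the "changed" list.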

Astute readers will say, "I can download known hashes from NIST's

...