Interested in learning more about security?
SANS Institute InfoSec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.
Orion Incident Response Live CD
Computer intrusion response often requires working in hostile environments. In an ideal situation, the defender would work on trusted systems, with trusted even out-of-band communications channels. This paper assumes a non-ideal situation that more likely matches the norm. In this environment, everything is suspect: servers might be compromised, clients might be hostile, and the network itself could be suspect. The proposed solution is a custom-built, persistent Live CD pre-installed with incident response and ...
Copyright SANS Institute Author Retains Full Rights