12.IND Lecture Notes - Lecture 8: Encase, Cryptographic Hash Function, Temporary File
Document Summary
Future prevention: without knowing what happened, you have no hope of ever being able to stop someone else from doing it again. Responsibility: the attacker is responsible for the damage done, and the only way to bring him to justice is with adequate evidence to prove his actions. The victim has a responsibility to the community. Information gathered after a compromise can be examined and used by others to prevent further attacks: collection options. Once a compromise has been detected, you have two options: Leave it online and attempt to monitor the intruder: you may accidentally alert the intruder while monitoring and cause him to wipe his tracks any way necessary, destroying evidence as he goes: obstacles. Computer transactions are fast, they can be conducted from anywhere, can be encrypted or anonymous, and have no intrinsic identifying features such as handwriting and signatures to identify those responsible.