[Chixla] Thursday, Feb 5 -- Interesting UUASC meeting on Forensics

SMichelle smichelle at livinglikeapenguin.com
Sun Feb 1 13:17:42 EST 2004


Hey all!  This UUASC meeting on computer forensics looks very
interesting and I'm planning on attending. Is there anyone else
interested? http://www.bolthole.com/uuasc-la/
/Sharon
****************** excerpt from meeting description
Forensics
Whether you manage a corporate LAN or simply run a home computer, this
program is a must because a security expert is going to show us how to
determine if a system has been hacked.
At the February program of UUASC-LA, popular security instructor Darren
Hoch, now with Accenture (via Sun Ed), who provided an exciting
presentation to us on ARP poisoning back in 2003, returns to teach us
how to investigate compromised systems using Solaris Fingerprint
Database, Tripwire, truss, lsof, netstat, and some of the most popular
open source utilities including Coroner's Toolkit.
We'll take a look at a couple of drive images from compromised Solaris
production servers collected during the past year or two, and locate the
common signs of an attack: root kit/trojan binaries, loadable kernel
modules, illegally bound ports/back doors, and IRC/DDoS agents. Although
Solaris will be used as the frame of reference to do forensics, the
techniques employed are not limited to any particular flavor of UNIX. 

