On Tue, Dec 30, 2008 at 8:24 AM, abdelkader belahcene <abelahc...@gmail.com> wrote: > Hi, > I fear that an attack or an entry in my PC has occured, how to find the > trace of the attacks.
It depends entirely on what the attacker did on your system. If you haven't already you should shut down the system (either power it down or simply pull the chord depending on what school of thought you subscribe to). Then take a complete copy of the HDD, now you can mount the HDD in read-only mode in another computer (one that is guaranteed to not have been broken into, i.e. a newly installed system that isn't connected to the internet). After that you need to start looking for "abnormal things" e.g. in log files. Read up on computer forensics to learn more. If you aren't under some sort of legal pressure to find out what the attacker did or have something very valuable stored on your computer I would simply re-install the entire system. Any files you save must be carefully inspected to make sure they haven't been infected in some way. /M -- Magnus Therning (OpenPGP: 0xAB4DFBA4) magnus@therning.org Jabber: magnus@therning.org http://therning.org/magnus identi.ca|twitter: magthe
