Forensics in Spanish
Windows Intruder Detection Checklist Feb 15 2006 02:25AM
Jeimy José Cano Martínez (jcano uniandes edu co)

Estimados profesionales,

Adjunto enlace a lista de chequeo propuesta por el CERT norteamericano para la
detección de posibles intrusiones en sistemas windows. Espero sea de utilidad.
This document outlines suggested steps for determining whether your Windows
system has been compromised. System administrators can use this information to
look for several types of break-ins. We also encourage you to review all
sections of this document and modify your systems to address potential

The term "Windows system" is used throughout this document to refer to systems
running Windows 2000, Windows XP, and Windows Server 2003. Where there is a
distinction between the various operating system versions (e.g., a capability
available to only one OS version) the document will note this as such.

In this document, we make a distinction between the terms "auditing" and
"monitoring". We use auditing to indicate the logging or collection of
information and use monitoring to indicate the routine review of information
obtained by auditing to determine occurrences of specific events.


Jeimy J. Cano, Ph.D, CFE
Universidad de los Andes
Bogota, D.C

Editor of "Critical Reflections on Information Systems. A systemic approach"

Este correo y su contenido son confidenciales y exclusivos para su
destinatario. Si usted recibe este mensaje por error o no es el destinatario
del mismo, por favor sírvase eliminarlo y notificarle a su originador. Así
mismo, todas las ideas y reflexiones expresadas en esta comunicación
corresponden al originador del correo y NO representa la posición oficial de su
This email is intended only for the addressee(s) and contains information which
may be confidential, legally privileged. If you are not intended recipient
please do not save, forward, disclose or copy the content of this email. Please
delete it completely from your system and notify originator.Finally, all
ideas expressed in this communication are personal comments and NOT represent
official position of his employer.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus