Use your computer fearlessly.

Mission Services Articles Research

business: containment

technical: clean-up: Containment, Clean-up, Corporate, Life

technical: cybersecurity

Why Clean-up Hacking?

by Brent Kirkpatrick

(Date Published: . Revised: 10/19/2018)

Clean-up attempts to remove all foreign machine code and to block re-infection.

Clean-up aims to remove all the hackers' tools for access. Hacking is defined as unauthorized access to computers. To gain access, hackers usually install some foreign machine code in the memory or the hard-drive of a computer. Clean-up removes foreign machine code and blocks re-access or re-infection.

Hacker's do not always install machine code on the hard-drive of a computer while gaining access. Sometimes they gain run-time access to the memory, without installing anything on the hard-drive. In other cases, hackers are able to read the contents of the memory without even gaining run-time access. Clean-up also involves preventing these types of unauthorized access.

motherboard and broom

Clean-up is a graduated type of incident response. Typically, incident responders believe they are responding to a single intrusion by a single hacker. This is not the case with clean-up, where we assume there could be multiple intrusions.

One way to proceed with clean-up is to start with digital forensics. Many business people are interested in obtaining digital evidence of intrusion before they take steps to prevent the intrusion. However, digital forensics can take months of work, and it is irresponsible to let the hackers have access during the months that it takes to recover detailed evidence. Also, there are significant hacks that are not detectable with standard digital forensics approaches.

Detection, rather than digital forensics, typically drives clean-up. Detection is lite digital forensics. These methods look for strange activities on computers and networks. When a detection method alerts us to strange activities, then responsible administrators initiate clean-up procedures.

Clean-Up (TM). Incident response driven by data.

Technical Articles

Impossible Problems in Computer Security

Problems in Computer Security

Corporate Clean-up
Life Clean-up

Business Articles

Rapid Containment of Intrusions

Price Gouging Hacking Victims

INC Logo

What Is New? | Contact | Tips

© 2015-2021 Intrepid Net Computing. All rights reserved.