Harlan Carvey has written an interesting article examining misconceptions around incident response - specifically, how you deal with a security breach. Like Harlan, I've heard many people advocate booting a compromised machine off a Linux boot disk to perform forensics - there are many drawbacks to this approach, as you can read in the article. Getting to the root cause of the compromise is something which is often overlooked in the rush to restore service to the business. Like most things, planning HOW you will recover IN ADVANCE is well worth the effort.
You can read Harlan's article by clicking here. Please post comments to share your experience.
Did I hear someone mention Linux? :) Whilst planning in advance on how to recover is, imho, essential, as you mention, getting to the root (no pun intended - Linux joke) cause is highly essential to make sure it doesn't happen again.
My computer was infected by the VeryLince trojan while using MSN Premium and actively running McAfee firewall and virus protection. MSN Download Manager shows no download activity. I paid extra money for McAfee Titanium virus removal, which was unsuccessful. Need suggestions or advice on what to do next. McAfee # 14696459. Please help or give a good reference for a solution to the problem. Thanks.