Comments on Forensic Incident Response: Establishing Time-0
Blog author: hogfly (http://www.blogger.com/profile/00741773109962883616)
Feed updated: 2023-04-02T10:17:04.631-04:00

H. Carvey (https://www.blogger.com/profile/08966595734678290320), 2007-04-15T07:48:00.000-04:00:

I don't think that the method itself is inherently subjective...however, after spending time watching and listening as others perform IR, I think that a lot of it *becomes* subjective. This is often due to gaps in training and knowledge that are filled in with assumption and speculation.

I've seen cases before where there was no evidence whatsoever that the system time was modified

hogfly (https://www.blogger.com/profile/00741773109962883616), 2007-04-13T19:51:00.000-04:00:

Do you think the method is inherently subjective, or that people would use it subjectively? Sounds like it may be the latter, but if it's the former, can you explain?

Thanks!

H. Carvey (https://www.blogger.com/profile/08966595734678290320), 2007-04-13T07:08:00.000-04:00:

I think it does make sense, but I also think that it's not that easy.

Part of the response process that many responders seem to like to use is a form of profiling...taking a look at the type of system involved, but not paying a great deal of attention to what's actually occurred on the system, I've seen many responders profile an intruder based on what they (the responder) would do, or