You discover that your computing system has been infected by a piece of malicious code. You have no idea when the infection occurred. You do have backups performed every week since the system was put into operation but, of course, there have been numerous changes to the system over time. How could you use the backups to construct a “clean” version of your system?

What will be an ideal response?

Impossible way: Start from the beginning and rebuild from first backup, applying all changes in order.

Potentially feasible: Compare files of original backup with current files. Try to account for differences (new files, changed file sizes). Review all backups to determine when each file was changed or created. Note, this is also a very difficult task.

If the infection can be made to manifest itself (that is, if there is a test that will show the effect of the infection), start with backup 1, test, apply backup 2, test, … continue until test shows infection.

Note that none of these approaches are “easy.”

Computer Science & Information Technology
