INCIDENT RESPONSE GUIDELINES
Since breaking into a computer system is a violation of federal and state law, the information on the compromised system is evidence of a crime. If you think that a machine has been broken into, it is essential that you do not modify the machine in any way because doing so can corrupt or destroy evidence.
What to do if your machine has been compromised
- Leave the machine running. Do not turn the computer off.
- Preserve the state of the system!
- Do not reboot!
- Do not reinstall the operating system!
It is critical that you do nothing to erase the evidence trail. Rebooting or reinstalling the operating system will destroy system logs and other data necessary for tracking the source and nature of the intrusion. The logs and data are also required in a legal investigation. In some cases, even viewing the contents of a file or directory can alter vital information.
- Remove the machine from the network. Physically disconnect the network cable from the network jack (again, do NOT turn the machine off).
- Contact the College of Engineering CompNet Security Officer. By email: david.koert@wichita.edu. By telephone: 316-978-6364.