


by CSO Contributor

If You Decide to Call the Feds*

Jul 01, 2003
CSO and CISO | Cybercrime | IT Leadership

1 Notify the general counsel (GC) verbally and have him contact the authorities. Put nothing in writing (or in an e-mail) at this point. Get a witness to observe your preparations.

2 Cut off all network and remote access to the affected machines, so that nothing more can be changed on them from outside while you work.

3 Take a full backup of all critical systems, not an incremental one.

4 Make image (bit-for-bit) copies of every relevant file and burn them onto CDs. Sign and date one copy and hand it to your GC.

5 Do the same for related data, including relational database dumps, Windows registries and Linux log files.

6 Let your users back onto the network and resume business.

7 Print out the text files and make an inventory of the software versions you are running. Mark the papers as proprietary and label each sheet with your company’s name, the date and its intellectual-property (IP) markings.

8 Hand over the CDs and paper to the investigators and get a receipt. Explain what you did. Make it clear that the business has started up again.

-D.H. *The author is not a lawyer
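The copying, inventory and hand-over steps (3, 4, 5 and 7) can be scripted so the copy given to the GC and the investigators is reproducible and checkable later. The shell script below is an added example, not part of the article and not the author's own procedure: it copies every file under a source tree into an evidence directory, records kernel and tool versions, writes a custody note naming who made the copy and when, and, as an addition the article does not describe, writes a SHA-256 manifest that lets anyone re-check that the copy is unchanged. It assumes either `sha256sum` (GNU) or `shasum` (BSD/macOS) is installed; the sample log line, config file, host name and operator name are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article): preserve copies of relevant files
# with a SHA-256 manifest, a software-version inventory and a custody note.
# Assumes sha256sum (GNU) or shasum (BSD/macOS) is available.
set -eu

# Use whichever SHA-256 tool this host has.
hash_cmd() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$@"
    else
        shasum -a 256 "$@"
    fi
}

# preserve_evidence SRC_DIR OUT_DIR OPERATOR
# Copies every regular file under SRC_DIR into OUT_DIR/files (copying,
# never moving, and keeping timestamps), then writes next to them:
#   MANIFEST.sha256 - hash of every copied file
#   INVENTORY.txt   - kernel and tool versions on this host
#   CUSTODY.txt     - who made the copy, when, and from where
preserve_evidence() {
    src="$1"; operator="$3"
    mkdir -p "$2/files"
    out=$(cd "$2" && pwd)            # absolute path, safe to use after cd
    (cd "$src" && find . -type f | while IFS= read -r f; do
        mkdir -p "$out/files/$(dirname "$f")"
        cp -p "$f" "$out/files/$f"
    done)
    (cd "$out/files" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        hash_cmd "$f"
    done) > "$out/MANIFEST.sha256"
    {
        echo "Collected (UTC): $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "Host: $(uname -n)"
        echo "Kernel: $(uname -sr)"
        if command -v openssl >/dev/null 2>&1; then
            echo "openssl: $(openssl version 2>&1 | head -n 1)"
        fi
        for tool in bash python3 gcc; do
            if command -v "$tool" >/dev/null 2>&1; then
                echo "$tool: $("$tool" --version 2>&1 | head -n 1)"
            fi
        done
    } > "$out/INVENTORY.txt"
    printf 'Copied by: %s\nDate (UTC): %s\nSource: %s\nHashes: MANIFEST.sha256\n' \
        "$operator" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$src" > "$out/CUSTODY.txt"
}

# verify_evidence OUT_DIR
# Re-hashes the copies against the manifest; non-zero if anything changed.
verify_evidence() {
    (cd "$1/files" && hash_cmd -c "../MANIFEST.sha256" >/dev/null 2>&1)
}

# Constructed sample "affected machine" tree for the demonstration (not real data).
make_sample() {
    mkdir -p "$1/src/var/log" "$1/src/etc"
    printf 'Jun 30 02:14:07 web01 sshd[4711]: Failed password for root from 203.0.113.5 port 51234 ssh2\n' \
        > "$1/src/var/log/auth.log"
    printf 'PermitRootLogin yes\n' > "$1/src/etc/sshd_config"
}

# Stand-alone run: build the sample, preserve it, verify, print the evidence path.
demo() {
    work=$(mktemp -d)
    make_sample "$work"
    preserve_evidence "$work/src" "$work/evidence" "D.H. (example operator)"
    verify_evidence "$work/evidence"
    echo "$work/evidence"
}
demo
```

Burn the whole evidence directory, manifest included, to the CDs; the GC's signed-and-dated copy and the investigators' copy can then be checked against each other with `verify_evidence` at any later time, and a copy that fails the check is known to differ from what was handed over.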