Security Incident Reporting Form
Instructions
Please try to fill in the form with as much information as possible. Some of the information is optional and/or
not relevant; however, with as much information provided as possible, it enables CIRT officers to provide you the
best and fastest assistance.
Please return a signed copy of this form to [email protected]
Contact Information
Please give us your contact information so that we may get back to you.
Name
Email
Group name/orginization. Are you a member of Staff/Public
2. Host Information
Please give us as much information about your own computer system as possible. This will allow us to identify if
there are any possible vulnerabilities that could be exploited in your system.
Location of system
Computer Name Operating System
IP address
For Windows systems, go to the command prompt, then run the command, “ipconfig /all�?BR>For other operating system, please refer to the user guide of the operating system.
Did you install/enable the following? Yes No Unknown
a. Latest security patches for your operating system
b. Anti-virus software (if yes, which one: _______________________)
c. Latest anti-virus updates (if yes, which update: _________________)
d. Internet Relay Chat (IRC) Client
e. Messaging software (ICQ, Yahoo, MSN, etc.)
f. Web server (IIS, Apache, etc)
g. FTP server (IIS, Serv-U, WS_FTP server, etc.)
h. SMTP server (IIS, QK SMTP, Postcast, etc.
i. Terminal Services or Remote Desktop Connection enabled
j. Peer-to-peer file sharing software (Kazaa, Morpheus, eDonkey, etc)
k. File and printer sharing
l. Personal firewall (if yes, which one: _______________________)
m. Any other kind of server software? (Please indicate)
3. Incident Information
Please tell us as much as you can about the incident/s that you detected. This will allow us to provide you with the
best response and resources. Please attach in an email if there is insufficient space to record all the incidents.
Incident Date Time
What incident did you detect?
How did you detect the incident?
Do you have any log files of the incident? Yes No
Please attach all log files if possible.
You can either print out the logs, save the logs onto a diskette or cd-rom.
Attacker’s Computer Name Attacker’s IP address(if known)
Attacker’s MAC address
Do you have any other information of the incident/attacker?
Declaration
I hereby declare that the information provided in this document is true to the best of my knowledge.
I understand that the CIRT reserves the right to withhold the outcome of the
investigation .
______________________
Name:
Did you remember the following?
�?Attach all log files
�?Include your contact details
�?Sign the declaration
PLEASE CUT& PASTE THE REPORTING SECTION OF THIS DOCUMENT COMPLETE WITH INFO & COPY IT INTO THE GENERAL SECTION BOARDS UNDER "CHATCOP TRAINING" LOOK FOR MY REPLY SECTION TO COPY REPORT TO
THANK YOU