some unknown scripts

James McDonald james
Mon May 17 12:01:46 PDT 2004


M.W. Chang wrote:

>> If you are convinced the system is compromised, copy RAM to a 
>> networked machine using dd | ssh  and then power down the box (not 
>> shutdown, power off hard) and create 3 copies of the HD using DD from 
>> a bootable distro onto other drives, clean if possible, but zeroed 
>> either way.
>
>
> what's the objective of copying the RAM?
>
So you can do forensics later on and identify running rootkit code?

For the country people, if you copy the RAM then you can service more 
sheep and get more lambs.
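
The imaging step quoted above (three dd copies of the disk onto zeroed drives) is only useful as evidence if each copy can be shown to match the source. The following is an added example, not part of the original thread: the function names are hypothetical, sha256sum is assumed to be available on the bootable distro, and the arguments are paths (block devices in real use, ordinary files when testing).

```shell
#!/bin/sh
# Added example: image a source onto several destinations with dd and verify
# every copy by hash. Function names are hypothetical, not from the thread.

# Print the SHA-256 of the first $2 bytes of $1.
hash_prefix() {
    head -c "$2" "$1" | sha256sum | awk '{print $1}'
}

# verify_copy SOURCE DEST: succeed only if DEST begins with an exact copy of
# SOURCE. Only the first <source size> bytes are compared, so DEST may be a
# larger (zeroed) drive than SOURCE.
verify_copy() {
    size=$(wc -c < "$1") || return 2
    size=$((size))                  # strip padding some wc versions emit
    [ "$size" -gt 0 ] || return 2   # an empty source proves nothing
    [ "$(hash_prefix "$1" "$size")" = "$(hash_prefix "$2" "$size")" ]
}

# image_and_verify SOURCE DEST [DEST ...]: dd SOURCE onto each DEST, then
# verify it. Returns 0 only if every copy verified.
image_and_verify() {
    src=$1; shift
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    rc=0
    for dest in "$@"; do
        # Never let a mistyped argument overwrite the evidence itself.
        if [ "$dest" -ef "$src" ]; then
            echo "refusing to overwrite source: $dest" >&2
            rc=1; continue
        fi
        dd if="$src" of="$dest" bs=65536 2>/dev/null || { rc=1; continue; }
        if verify_copy "$src" "$dest"; then
            echo "verified: $dest"
        else
            echo "MISMATCH: $dest" >&2
            rc=1
        fi
    done
    return $rc
}
```

Record the source hash alongside the copies so later analysis can re-check them with verify_copy.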




