
Recovering data after an attack

If you've been hacked, crucial company data has probably been compromised. Kevin Beaver explains how you can clean your systems, recover data and prevent ongoing intrusions.

How can crucial data be recovered after Windows 2000 workstations are hacked? That's what one reader asked site expert Kevin Beaver. Get Kevin's advice on how to clean your systems, save your data and prevent ongoing intrusions.

To check if your Windows systems are clean, you should first run a vulnerability assessment (using a tool such as GFI LANguard Network Security Scanner or QualysGuard Enterprise), or try an antivirus scanner, spyware cleaning utility or rootkit removal tool.

That said, the only definitive way to ensure your operating systems are clean is to wipe and reinstall them. The data is not likely infected; its integrity and confidentiality may have been compromised, but data files usually don't harbor malware, etc. If your data is located in specific folders (e.g., Documents and Settings or My Documents), you could save that data off the workstation before cleaning the drives and reinstalling. If you choose this route, make sure you have reliable backups. I'd recommend creating an image of the drives using a utility like Acronis True Image in case you need to go back.
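One way to confirm that the saved data is a complete, byte-for-byte copy before the drives are wiped, shown as an added example that is not part of the original article; the function names and folder paths are hypothetical. It compares the copy with the source as it was at copy time and cannot tell whether files were altered before that.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_manifests(expected, actual):
    """Report files that are missing, unexpected or changed in the copy."""
    common = expected.keys() & actual.keys()
    return {
        "missing": sorted(expected.keys() - actual.keys()),
        "unexpected": sorted(actual.keys() - expected.keys()),
        "changed": sorted(k for k in common if expected[k] != actual[k]),
    }

def save_and_verify(src, dest):
    """Copy src to dest (dest must not exist yet) and verify the copy."""
    before = build_manifest(src)
    shutil.copytree(src, dest)
    return compare_manifests(before, build_manifest(dest))

if __name__ == "__main__":
    # Constructed sample data standing in for a user's documents folder.
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "My Documents")
        (src / "reports").mkdir(parents=True)
        (src / "reports" / "q1.txt").write_text("constructed sample\n")
        (src / "notes.txt").write_text("constructed sample notes\n")
        result = save_and_verify(src, Path(tmp, "saved_copy"))
        # Only wipe the workstation if all three lists are empty.
        print(result)
```

Keeping the manifest from `build_manifest` alongside the saved data lets the same comparison be repeated after the files are restored to the rebuilt workstation.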

To prevent ongoing intrusions, you must not only have a solid firewall, but also use host-based protection. I'm talking about antivirus, antispyware and personal firewall software such as BlackICE. Check out the various system hardening checklists by Roberta Bragg on as well.

Following all of these steps and keeping up with current patches can keep you pretty secure from a technical perspective. You then have to deal with people, policies and procedures -- the more difficult aspect of Windows security, but not impossible. Learn from the intrusion, get upper management support, improve your security policies and procedures, and work on locking things down moving forward.

About the author: Kevin Beaver is founder and principal consultant of Atlanta-based Principle Logic LLC, as well as a resident expert on He specializes in information security assessments and incident response and is the author of the new book "Hacking for dummies" by John Wiley and Sons. Ask Kevin a question about Windows security threats today.
