CHAPTER 16
BASIC FORENSICS
We turn to forensics when it’s necessary to investigate activity on a system. Logfiles do not always capture information relevant to answering questions. They may capture data like “When and from what IP address did a user access a system?” but may not be able to answer questions like “What files have been executed or deleted?” or “Were these files accessed when the user logged in?” We need tools and techniques to recover or deduce this kind of information, especially if logfiles have been erased by an attacker trying to cover their tracks.
The activity under investigation need not be malicious or illegal. It may be ...
Get Anti-Hacker Tool Kit, Fourth Edition, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.