Chapter 11. Investigating a Unix Host

It is a sad fact of network life that the number of Unix systems successfully attacked exceeds the ability of their owners to adequately examine them. Even when sufficient human resources are available, circumstances may intrude—management may not allow a live system to be taken down in order to methodically collect the evidence of an attack. In their one-day seminar on Unix forensics,1 Dan Farmer and Wietse Venema provided a summary of the different levels of effort that may be applied in the response to a particular incident (see Table 11-1). We certainly don’t recommend that you ignore an incident and go back to work. If this was your plan, you probably wouldn’t be reading this book. Many managers decide ...
