Chapter 11. Investigating a Unix Host
It is a sad fact of network life that the number of Unix systems successfully attacked exceeds the ability of their owners to adequately examine them. Even when sufficient human resources are available, circumstances may intrude—management may not allow a live system to be taken down in order to methodically collect the evidence of an attack. In their one-day seminar on Unix forensics,1 Dan Farmer and Wietse Venema provided a summary of the different levels of effort that may be applied in the response to a particular incident (see Table 11-1). We certainly don’t recommend that you ignore an incident and go back to work. If this was your plan, you probably wouldn’t be reading this book. Many managers decide ...
Get Computer Forensics: Incident Response Essentials now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
