Forensic Analysis of UNIX Systems
Dario V. Forte, University of Milan, Crema Italy
UNIX File Systems: An Overview
Details on File System Structure
Tools and Techniques for Forensic Investigations
Preservation Phase: Imaging Disk under UNIX
Survey and Search Phase: Seeking Evidence under UNIX
Logs: Characteristics and Requisites
Experimentation: Using GPL Tools for Investigation and Correlation
Applying UNIX Forensics in a Coordinated Incident Response Procedure: A Case History
Conducting International Forensic Operations in Incident Response: Some Observations
INTRODUCTION
The spread of distributed systems is forcing the development of increasingly varied investigative procedures in digital forensics, regarding both the target and the analysis platforms. A “target platform” is one that has been attacked or used to perpetrate some policy or criminal violation, whereas an “analysis platform” is the one that hosts the forensic workstation. In this chapter I discuss UNIX-based platforms and their various “dialects,” such as Solaris, AIX, the BSDs, and, of course, Linux.
Some Basics of UNIX Forensics
The principles in forensic operations are essentially platform independent, though some file systems are not. In keeping with the rules of due diligence contained in the IACIS (International Association of Computer Investigative Specialists, http://www.cops.org ...