Forensic Analysis of UNIX Systems
Dario V. Forte, University of Milan, Crema, Italy
The growing use of distributed systems is forcing the development of increasingly varied investigative procedures in digital forensics, for both target and analysis platforms. A “target platform” is one that has been attacked or used to commit a policy or criminal violation, whereas an “analysis platform” is the one that supports the forensic workstation. In this chapter I discuss UNIX-based platforms and their various “dialects,” such as Solaris, AIX, xBSD, and, of course, Linux.
Some Basics of UNIX Forensics
The principles of forensic operations are essentially platform-independent, though some file systems are not. In keeping with the rules of due diligence contained in the IACIS (International Association of Computer Investigative Specialists, http://www.cops.org ...