CHAPTER 13
Investigating Unix Systems
 
The Unix operating system is powerful, flexible, and extremely functional. The functionality that makes it so useful also makes it a challenge to protect and investigate. This chapter outlines the features of the Unix operating system that are most likely to aid the investigator in determining the who, what, when, where, and how of an incident. We present the investigative techniques in as forensically sound a manner as possible. At this point in the investigation, we assume that you have performed an initial response, as outlined in Chapter 6. You will use the data you collected during the initial response for the investigative steps covered in this chapter.
Keep in mind that this chapter cannot cover ...

Get Incident Response & Computer Forensics, 2nd Ed., 2nd Edition now with the O’Reilly learning platform.
