
Incident Response & Computer Forensics, 2nd Ed. by Chris Prosise, Kevin Mandia


CHAPTER 13
Investigating Unix Systems
 
The Unix operating system is powerful, flexible, and extremely functional. The functionality that makes it so useful also makes it a challenge to protect and investigate. This chapter outlines the features of the Unix operating system that are most likely to aid the investigator in determining the who, what, when, where, and how of an incident. We present the investigative techniques in as forensically sound a manner as possible. At this point in the investigation, we assume that you have performed an initial response, as outlined in Chapter 6. You will use the data you collected during the initial response for the investigative steps covered in this chapter.
Keep in mind that this chapter cannot cover ...
