Perhaps you think you’ve found evidence of a system compromise, or you fear log files will be altered if you end up restarting services or the system itself. If you want to preserve files on another system so that someone more knowledgeable can look at them later, the commands in this chapter will come in handy.
Most commands in this report will not alter system state. However, the commands in this chapter and the next have the potential to do so. In this chapter, the commands to transfer files from the Linux system to another system for later analysis can also work in reverse—that is, transfer files to the Linux box. So be careful!
The scp (secure copy) command can be used to copy files over the SSH protocol (the same protocol that you’re running your session over). This command allows us to copy files using an encrypted,
If you are going to copy files from Linux “down” to your Windows system, you need a program that will run on Windows. The creator of PuTTY made PSCP.EXE for precisely that purpose: to implement scp for Windows.
You can download it from the same place as
The PSCP.EXE program, shown in Figure 8-1, is meant to run under Windows Command Prompt (CMD.EXE). It takes the same parameters as
In this example, the -r means to copy recursively. The ...
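
An added example, not from the original text: when files are copied off a suspect system for later analysis, a hash manifest taken before the copy lets the analyst confirm that what arrived is what was on the box. The function names, the paths and the cp -r stand-in for the pscp -r transfer are assumptions, and it needs GNU coreutils and findutils.

```shell
#!/bin/sh
# Added example (not from the original text): hash evidence before it is copied
# off the box, then re-check the copy. Function names and paths are hypothetical.

# make_manifest DIR: print "sha256  ./path" for every regular file under DIR.
# Redirect the output to a file outside DIR so the manifest is not hashed itself.
make_manifest() {
    # -print0 / -z / -0 keep odd filenames intact; sort makes the output stable.
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum -- )
}

# verify_manifest DIR MANIFEST: re-hash the files listed in MANIFEST under DIR.
# Non-zero exit if any listed file is missing or differs. Files that exist in
# DIR but are not listed in MANIFEST are not reported.
verify_manifest() {
    manifest=$(realpath "$2") || return 1
    ( cd "$1" && sha256sum --check --quiet --strict "$manifest" )
}

# demo: constructed sample tree; cp -r stands in for the network copy
# (e.g. "pscp -r user@host:/var/log <local-dir>", placeholders) so this runs offline.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/log/audit"
    printf 'Jan  1 00:00:01 host sshd[100]: constructed sample line\n' > "$work/src/log/auth.log"
    printf 'type=USER_LOGIN constructed sample\n' > "$work/src/log/audit/audit.log"
    make_manifest "$work/src/log" > "$work/log.sha256"
    cp -r "$work/src/log" "$work/copy"
    verify_manifest "$work/copy" "$work/log.sha256" && echo "copy matches manifest"
    # Simulate a change made after collection; verification must now fail.
    printf 'edited after collection\n' >> "$work/copy/auth.log"
    verify_manifest "$work/copy" "$work/log.sha256" 2>/dev/null || echo "tampering detected"
    rm -rf "$work"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Keep the manifest with the copied files and record where and when it was generated, so a later reviewer can repeat the check.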