Unix Security: Diagnostics and Forensics
This document is intended to help Unix/Linux sys-admins with the diagnostic
and forensic examination of a machine that has been hacked — or help
determine whether a suspect machine has been. Specifically, the document
describes:
- immediate steps to take — a balance between preserving forensic
data and restoring service;
- further steps to take in order to determine what has been done and how;
- tools available to help.
Contents:
- Immediate Steps
- Background Material
- First Steps --- Make these before you reboot
- Second Steps
- Diagnostic/Forensic Tools 1:
- Diagnostic/Forensic Tools 2: Network
- Diagnostic/Forensic Tools 3: Verify Installed Software
About this document:
Produced from the SGML: /home/umits/public_html/_unix_security/_reml_grp/diagnostic_forensic_tools.reml
On: 23/10/2005 at 13:29:12
Options: reml2 -i noindex -l long -o html -p multiple