unix & linux forensic analysis dvd toolkit

THÔNG TIN TÀI LIỆU

Cấu trúc

Copyright Page
Co-Authors
Appendix Contributor
Contents
Chapter 1: Introduction
- History
- Target Audience
- What is Covered
- What is Not Covered
Chapter 2: Understanding Unix
- Introduction
- Unix, UNIX, Linux, and *nix
  - Linux Distributions
    - Get a Linux!
    - Booting Ubuntu Linux from the LiveCD
  - The Shell
    - All Hail the Shell
    - Essential Commands
- Highlights of The Linux Security Model
- The *nix File system Structure
  - Mount points: What the Heck are They?
- File Systems
  - Ext2/Ext3
- Summary
Chapter 3: Live Response: Data Collection
- Introduction
- Prepare the Target Media
  - Mount the Drive
- Format the Drive
  - Format the Disk with the ext File System
- Gather Volatile Information
  - Prepare a Case Logbook
- Acquiring the Image
  - Preparation and Planning
    - DD
    - Bootable *nix ISOs
      - Helix
      - Knoppix
      - BackTrack 2
      - Insert
    - EnCase LinEn
    - FTK Imager
    - ProDiscover
- Summary
Chapter 4: Initial Triage and Live Response: Data Analysis
- Introduction
- Initial Triage
  - Log Analysis
    - zgrep
    - Tail
    - More
    - Less
  - Keyword Searches
    - strings /proc/kcore –t d > /tmp/kcore_outfile
    - File and Directory Names
    - IP Addresses and Domain Names
    - Tool Keywords
- Tricks of the Trade
- User Activity
  - Shell History
  - Logged on Users
- Network Connections
- Running Processes
- Open File Handlers
- Summary
Chapter 5: The Hacking Top 10
- Introduction
- The Hacking Top Ten
  - Netcat
- Reconnaissance Tools
  - Nmap
  - Nessus
    - Try it Out
    - Plug-ins
    - Ports
    - Target
  - Nikto
  - Wireshark
  - Canvas/Core Impact
  - The Metasploit Framework
  - Paros
  - hping2 - Active Network Smashing Tool
  - Ettercap
- Summary
Chapter 6: The /Proc File System
- Introduction
  - cmdline
  - cpuinfo
  - diskstats
  - driver/rtc
  - filesystems
  - kallsyms (ksyms)
  - kcore
  - modules
  - mounts
  - partitions
  - sys/
  - uptime
  - version
  - Process IDs
    - cmdline
    - cwd
    - environ
    - exe
    - fd
    - loginuid
- Putting It All Together
- sysfs
  - modules
  - block
Chapter 7: File Analysis
- The Linux Boot Process
  - init and runlevels
- System and Security Configuration Files
  - Users, Groups, and Privileges
  - Cron Jobs
- Log Files
  - Who
  - Where and What
- Identifying Other Files of Interest
  - SUID and SGID Root Files
  - Recently Modified/Accessed/Created Files
  - Modified System Files
  - Out-of-Place inodes
  - Hidden Files and Hiding Places
Chapter 8: Malware
- Introduction
- Viruses
- Storms on the Horizon
- Do it Yourself with Panda and Clam
  - Download ClamAV
  - Install ClamAV
  - Updating Virus Database with Freshclam
- Scanning the Target Directory
  - Download Panda Antivirus
  - Install Panda Antivirus
  - Scanning the Target Directory
    - Web References
Appendix A: Implementing Cybercrime Detection Techniques on Windows and *nix by Michael Cross
- Introduction
- Security Auditing and Log Files
  - Auditing for Windows Platforms
  - Auditing for UNIX and Linux Platforms
- Firewall Logs, Reports, Alarms, and Alerts
- Commercial Intrusion Detection Systems
  - Characterizing Intrusion Detection Systems
  - Commercial IDS Players
- IP Spoofing and Other Antidetection Tactics
- Honeypots, Honeynets, and Other “Cyberstings”
- Summary
- Frequently Asked Questions
Index

Nội dung

[...]... cover the advanced forensics techniques, which will provide the expert with the most value add We hope you enjoy reading UNIX Forensic Analysis: The Linux Kernel” as much as we enjoyed writing it Please do not hesitate to contact us should you have any comments or questions regarding this book www.syngress.com Chapter 2 Understanding Unix Solutions in this chapter: ■ Unix, UNIX, Linux, and *nix ■... are likely to encounter By taking the time to get comfortable in this chapter, you’ll be able to both use free Linux forensic tools as appropriate for forensic analysis, and you will also have the knowledge to better analyze client systems that happen to be Linux or *nix variants Unix, UNIX, Linux, and *nix You’ve probably noticed the alphabet soup of these related terms here in this chapter and elsewhere... writing my thesis on UNIX forensic analysis would be a good topic, relevant both to my job duties and my course work With Harlan Carvey being a colleague of mine, you would think I would just write something on Windows forensics and ask him for help However, this was my thesis, and I wanted to do something that would challenge me, so I chose to write my paper on UNIX forensic analysis After about a... the loose sense we use it in this book—that is, www .unix. org/what_is _unix. html 1 www.syngress.com Understanding Unix • Chapter 2 to refer to operating systems that follow a certain design philosophy And Linux is an enormously popular, free UNIX- like operating system that is designed with the philosophy of Unix, but in actuality is not a truly UNIX- compliant implementation of that philosophy The... Windows, the prospect of using or investigating a Unix or Unix- like machine can be exceedingly daunting This chapter aims to help you hit the ground running and get over that fear of the world outside Windows You’ll be introduced to Unix by booting Linux on your own PC, and be given a quick tour around some of the features of Linux that are common to most Unix- like systems For comfort, we’ll draw on what... DEC, and lived its early life as Digital Unix FreeBSD, OpenBSD, free, open source *nixes of a Berkeley heritage www.syngress.com 11 12 Chapter 2 • Understanding Unix And, for historical perspective, the legacies of these are still alive and well: ■ ■ UNIX System V (“System 5”) aka SVR5, from AT&T, later to become SCO UnixWare Berkeley Software Distribution (BSD) UNIX, alive and well in many variants After... worse Linux is available in a variety of different flavors that express the rich diversity of people who are using the operating system, and who are taking advantage of its open source nature to tweak and create a Linux that solves problems in their own way Some of the more common Linux distributions include: Ubuntu Linux (our choice for this book), Red Hat Enterprise Linux (RHEL), Fedora, SUSE Linux. .. sincere desire that the reader finds this book useful, and that it helps to fan the flames of desire to learn even more about Linux forensics Our goal during this project was to provide the forensic community with an introductory book that explains many of the details surrounding Linux forensics in a manner in which the most novice examiner can easily understand, yet also provide the more experienced examiner... hyphenated concoctions of Unix- like” and try to refer to the whole mess of Unix and friends as “*nix” when referring to Linux or compliant UNIX operating systems The further good news is that with some basic Linux skills, you’ll be opened up to the larger realm where a multitude of proprietary and free *nix implementations await you Knowing Linux and its terminology will help you feel somewhat at home with... you already know about the Windows operating system, and point out where Unix thinks and acts similarly, and also where *nix is very different from Windows Our focus and examples all use Linux Ubuntu Linux specifically—but the concepts and nearly all of the commands and techniques introduced here are a pplicable to all Unix and Unix- like operating systems you are likely to encounter By taking the time . BY Syngress Publishing, Inc. Elsevier, Inc. 30 Corporate Drive Burlington, MA 01803 UNIX and Linux Forensic Analysis DVD Toolkit Copyright © 2008 by Elsevier, Inc. All rights reserved. Printed in the. tools as appropriate for forensic analysis, and you will also have the knowledge to better analyze client systems that happen to be Linux or *nix variants. Unix, UNIX, Linux, and *nix You’ve probably. book will cover the advanced forensics techniques, which will provide the expert with the most value add. We hope you enjoy reading UNIX Forensic Analysis: The Linux Kernel” as much as we

Ngày đăng: 25/03/2014, 12:12

Xem thêm