Unix/Linux Forensics 1



2 Simple Linux Commands

date: display the date
ls: list the files in the current directory
more: display a file one screen at a time
cat: display the contents of a file
wc: count lines, words, and characters
cp, mv, rm, pwd, mkdir, cd, rmdir
head: show the first few lines of a file
tail: show the last few lines of a file
file: determine a file's type
cal: display a calendar
kill: send a signal to (usually to terminate) a running process
lpr: send a job to the printer
grep: search a file for a specific pattern
chmod: change file permissions
fdisk, mount, cat /etc/fstab: partition, mount and filesystem-table information
last: show recent logins (from /var/log/wtmp)

3 Basic Concepts

The shell and shell scripts
Background and foreground jobs: &, Ctrl-Z, bg, fg, jobs
Environment variables: env
passwd

4 The Linux Filesystem Layout

The filesystem is a tree whose base is the root directory, /.
/bin: essential binaries for the OS
/dev: device files
/etc: system configuration files
/sbin: system administrative binaries
/home: conventional location for users' home directories
lost+found: per-filesystem directory where fsck places recovered (orphaned) files

5 Commonly used commands/concepts

mount/umount, ls (and its various options), ln, df, tree, chmod, chown, chgrp, find, tar, gzip, dd, stat

6 Commonly used commands/concepts

cksum: checksum (CRC) and byte count of a file
sum: checksum and block count of a file
diff: list each line that differs between two files
strings: print the printable character sequences in a (binary) file

7 Commonly used commands/concepts

Every file is managed by a data structure called an inode. It records the file's location (data block addresses) and size; its owner and permissions; and its timestamps: time of last access (atime), time of last modification (mtime) and time of last inode change (ctime). Note that ctime is the inode change time, not a creation time; ext2 does not store a creation time at all. stat displays this information.
SUID root: the set-user-ID bit on a root-owned executable, which then runs with root privileges regardless of who invokes it.

8 Ext2 Inode

9 Network Information System

/etc/nsswitch.conf, yppasswd

10 Shared System Files

11 Four basic steps

Collect, Preserve, Analyze, Present (report)

12 Investigating A Unix Host

Filesystem integrity-checking program: Tripwire
TCT (The Coroner's Toolkit): examining hacked Unix systems
netcat

13 Order of Volatility

The more volatile the data is, the more difficult it is to capture, and the less time you have to do it. Collect in descending order of volatility:
CPU storage (registers, cache)
System storage (RAM)
Kernel tables (process, network and routing state)
Fixed media
Removable media
Paper printouts

14 TCT (1)

TCT, The Coroner's Toolkit, is mostly Perl with some C as well. It is a STATIC tool: changes to the filesystem during analysis will NOT be noticed by TCT, so you MUST isolate the system under investigation.

15 TCT (2)

Four major parts:
grave-robber: captures forensic data
The C-tools (ils, icat, pcat, file, etc.):
  pcat: low-level memory utility, copies process memory (pcat PID > file)
  file: determines file type
  icat: copies files by inode number
  ils: lists inode information (usually of removed files)
lazarus: creates structure from unstructured data
mactime: reports on file times

16 The C-tools (ils, icat, pcat, file, etc.)

pcat: gathers process memory from a live system
ils: gathers inode information, e.g. ./ils /dev/sda6
icat: copies a file, selected by inode number, to standard out, e.g. ./icat /dev/sda <inode> (stat prints a file's inode number)
file: determines the type of a file (not the type of a filesystem)

17 lazarus

Lazarus classifies raw, unstructured data for analysis ("brings back information from the dead"): unallocated data blocks that no inode refers to any more.

18 mactime

Three times on an ext filesystem: Modification time, Access time and Change time (inode change). mactime collects all three for the files under a directory, e.g. ./mactime -d /root/download/tct-1.16/bin -y 9/29/

19 Be nice to your MAC times

MAC times are sensitive to changes within the system: running a single command (even ls or cat) may change the last Access time of a file. Grab the MAC-time information before running any further commands on the system; you will use it to create a timeline of activity.
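As an added illustration of slides 18 and 19 (this is example code, not TCT's mactime and not part of the original slides), the following builds a mactime-style timeline of a directory tree from its M, A and C times. It assumes GNU findutils (find -printf) and GNU coreutils (date -d), and it is meant to be run against a read-only or noatime mount of the image, because on a live system the act of reading files is exactly what changes the atimes the slide warns about.

```shell
#!/bin/sh
# Added example: mactime-style timeline from a directory tree.
# Assumes GNU find (-printf) and GNU date (-d @epoch); run it on a read-only
# mount of the image, not on the live suspect host.

# mac_timeline ROOT: one line per timestamp per file, "epoch|type|path",
# oldest first. type is m (modified), a (accessed) or c (inode changed).
# Paths containing '|' or a newline would break this simple format.
mac_timeline() {
    # %T@/%A@/%C@ print seconds since the epoch with a fractional part; the
    # three -printf actions emit the same path three times under different types.
    find "$1" -mindepth 1 -printf '%T@|m|%p\n' -printf '%A@|a|%p\n' -printf '%C@|c|%p\n' |
        sort -t'|' -k1,1n
}

# mac_timeline_human ROOT: same data with the epoch rendered as UTC, in the
# spirit of the report mactime produces. One date(1) call per entry, so use
# it on small trees only; for a whole image use mactime itself.
mac_timeline_human() {
    mac_timeline "$1" | while IFS='|' read -r ts type path; do
        printf '%s %s %s\n' "$(date -u -d "@${ts%.*}" '+%Y-%m-%d %H:%M:%S')" "$type" "$path"
    done
}

# oldest_entry ROOT: "type|path" of the earliest event, a quick sanity check
# that the timeline starts where you expect (e.g. at install time).
oldest_entry() {
    mac_timeline "$1" | head -n 1 | cut -d'|' -f2,3
}
```

Because atime and ctime of a freshly copied tree are "now", only mtimes survive a careless copy; image the device with dd rather than copying files if the timeline matters.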

20 Sleuth Kit

Expands on TCT's data and provides low- and high-level access to Unix and Windows filesystems.

21 The Sleuth Kit File system tools

File System Category
Content Category
  dls -f ext -e -l sda6.img: list the data units with their allocation status (a: the data unit is allocated, f: the data unit is unallocated)
  dcat -f ext sda6.img 23456: view the contents of any data unit
Metadata Category
  Includes the data that describe a file: for example, temporal information, the addresses of the data units, the size of the file.
  istat -f ext sda6.img <metadata-address>: display a specific metadata entry
  ils -f ext -e sda6.img: list the details of several metadata structures
  icat -f ext sda6.img 31: view the contents of the file at metadata address 31 instead of by its file name
(The d* names are the ones current when these slides were written; newer TSK releases call the data-unit tools blkls, blkcat and blkstat and take -f ext2/ext3/ext4.)

22 The Sleuth Kit

File Name Category
  Includes the data that associates a name with a metadata entry
  fls: list file names in a given directory
  ffind: list which file name(s) correspond to a given metadata address
Application Category
  A filesystem journal records updates to the filesystem so that it can be recovered more quickly after a crash
  jls: list the contents of the journal and show which filesystem blocks are saved in the journal blocks
Multiple categories
  mactime: takes temporal data from fls and ils to produce a timeline of file activity

23 The Sleuth Kit

Searching tools: sigfind (find a binary signature in a file)
Disk tools: disk_stat
Volume system tools

24 Autopsy

Developed to automate the investigation process when TSK is being used.

25 Capture Filesystem

Imaging utilities
Wipe the analysis drive first: dd if=/dev/zero of=/dev/fd0
One more example: imaging a partition over the network in three chunks. The listeners run on the collection host, the dd/nc senders on the suspect host (port numbers and block counts are shown as placeholders):
  nc -l -p <port1> > suspect.hdb5.image.1of3 &
  nc -l -p <port2> > suspect.hdb5.image.2of3 &
  nc -l -p <port3> > suspect.hdb5.image.3of3 &
  dd if=/dev/hdb5 count=<n> bs=1024 | nc -w 3 <collector> <port1>
  dd if=/dev/hdb5 skip=<n> count=<n> bs=1024 | nc -w 3 <collector> <port2>
  dd if=/dev/hdb5 skip=<2n> count=<n> bs=1024 | nc -w 3 <collector> <port3>
  cat suspect.hdb5.image.1of3 >> suspect.hdb5.image
  cat suspect.hdb5.image.2of3 >> suspect.hdb5.image
  cat suspect.hdb5.image.3of3 >> suspect.hdb5.image

26 md5

Create the hash value of the collected data and record it, e.g. with md5 from TCT: md5 /dev/sda6
Verify the image file on the collection host against that hash. (MD5 is no longer collision resistant; record a SHA-256 alongside it.)
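The chunked dd imaging of slide 25 and the hash verification of slide 26, carried through end to end as an added example (not code from the slides). It assumes POSIX sh plus coreutils dd, cat, md5sum and sha256sum; the nc network hop is left out so it runs offline, and the reassembly and hashing logic is the same either way.

```shell
#!/bin/sh
# Added example: image a device in fixed-size chunks with dd skip/count,
# reassemble the chunks, and verify with MD5 (as on the slide) and SHA-256.
# Assumes POSIX sh plus coreutils dd, cat, md5sum, sha256sum.

# image_in_chunks SRC PREFIX BS BLOCKS_PER_CHUNK NCHUNKS
# Writes PREFIX.1ofN ... PREFIX.NofN. SRC is normally a device such as /dev/hdb5.
image_in_chunks() {
    src=$1 prefix=$2 bs=$3 per=$4 n=$5
    i=0
    while [ "$i" -lt "$n" ]; do
        # conv=noerror,sync: keep going past unreadable blocks and pad them with
        # zeros instead of aborting, so block offsets in the image stay correct.
        # Note that sync also pads a short final block to a full block: pick a
        # bs that divides the device size, or the image will hash differently.
        dd if="$src" of="$prefix.$((i + 1))of$n" bs="$bs" \
           skip=$((i * per)) count="$per" conv=noerror,sync 2>/dev/null
        i=$((i + 1))
    done
}

# reassemble PREFIX NCHUNKS OUT: concatenate the chunks in order into OUT.
# OUT is truncated first; the slide's bare ">>" would silently append to a
# stale image if the file already existed.
reassemble() {
    prefix=$1 n=$2 out=$3
    : > "$out"
    i=1
    while [ "$i" -le "$n" ]; do
        cat "$prefix.${i}of$n" >> "$out"
        i=$((i + 1))
    done
}

# hash_file FILE: print "md5 sha256" for FILE (a regular file or a device).
hash_file() {
    printf '%s %s\n' "$(md5sum < "$1" | cut -d' ' -f1)" \
                     "$(sha256sum < "$1" | cut -d' ' -f1)"
}

# verify_image SRC IMAGE: exit 0 if both hashes match, 1 otherwise.
# In practice: hash SRC on the suspect host before imaging, write the digests
# down, then compare against the image on the collection host.
verify_image() {
    src_hash=$(hash_file "$1")
    img_hash=$(hash_file "$2")
    echo "source: $src_hash"
    echo "image:  $img_hash"
    [ "$src_hash" = "$img_hash" ]
}

# Usage on a real acquisition (device names assumed):
#   hash_file /dev/hdb5 > /mnt/usb/hdb5.hashes
#   image_in_chunks /dev/hdb5 /mnt/usb/suspect.hdb5.image 1024 1048576 3
#   reassemble /mnt/usb/suspect.hdb5.image 3 /mnt/usb/suspect.hdb5.image
#   verify_image /dev/hdb5 /mnt/usb/suspect.hdb5.image
```

verify_image reads the source device a second time, which is fine for a read-only device or a write-blocked disk but is one more pass over evidence; hashing once through tee while dd runs avoids that on large disks.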

27 Accessing Captured Filesystems for Examination

Copy the image into a partition of the same size as the image (a partition first cleaned with dd).
Another approach: loop-mount the image read-only:
  mkdir /mnt/suspecthost
  mount -t ext2 -o ro,loop=/dev/loop0 suspect.hdb5.image /mnt/suspecthost
Then treat it like any other filesystem. Adding noexec,nodev,nosuid to the options keeps you from accidentally running the attacker's binaries off the image; for an ext3/ext4 image also add noload, since ro alone does not stop journal replay from modifying the image.

28 logs

/etc/syslog.conf

29 logs

30 logs

/var/log/secure: receives authpriv.* messages (logins, su, sshd)
HTTP: /var/log/httpd/*, e.g. grep passwd /var/log/httpd/*
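An added example, not from the slides, that widens "grep passwd /var/log/httpd/*" into a small triage pass over both log sources named on this slide: it looks for requests reaching for system files or using (possibly URL-encoded) path traversal, and tallies failed sshd logins per source address from a /var/log/secure style file. It assumes POSIX sh with grep, awk, sort, uniq and cut; the sample log lines are constructed for the example, not real captures.

```shell
#!/bin/sh
# Added example: triage of web and auth logs. Sample lines are constructed.
# Assumes POSIX sh plus grep, awk, sort, uniq, cut, wc.

# scan_httpd_log FILE: print requests that reach for system files or traverse
# directories, including URL-encoded forms:
#   %2e%2e = "..", %2f = "/", %5c = "\", %25 = "%" (double encoding, e.g. %255c).
# Decode the URL before matching if you need to catch other encodings.
scan_httpd_log() {
    grep -iE 'passwd|shadow|\.\./|%2e%2e|%2f|%5c|%25|cmd\.exe' "$1"
}

# count_suspicious_requests FILE: how many lines scan_httpd_log flags.
count_suspicious_requests() {
    scan_httpd_log "$1" | wc -l | tr -d ' '
}

# failed_logins FILE: "count ip" for sshd password failures, most frequent
# first. Password guessing from one address shows up at the top.
failed_logins() {
    grep -E 'sshd\[[0-9]+\]: Failed password' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# top_attacker FILE: the source address with the most failed sshd logins.
top_attacker() {
    failed_logins "$1" | head -n 1 | cut -d' ' -f2
}

# write_sample_logs DIR: constructed sample logs for a dry run.
write_sample_logs() {
    cat > "$1/access_log" <<'EOF'
10.0.0.5 - - [29/Sep/2004:10:01:02 -0400] "GET /index.html HTTP/1.1" 200 1043
10.0.0.9 - - [29/Sep/2004:10:01:07 -0400] "GET /cgi-bin/view.cgi?file=../../../../etc/passwd HTTP/1.0" 200 1822
10.0.0.9 - - [29/Sep/2004:10:01:09 -0400] "GET /cgi-bin/view.cgi?file=..%2f..%2f..%2fetc%2fshadow HTTP/1.0" 403 231
10.0.0.9 - - [29/Sep/2004:10:02:15 -0400] "GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
10.0.0.5 - - [29/Sep/2004:10:03:00 -0400] "POST /login HTTP/1.1" 302 0
EOF
    cat > "$1/secure" <<'EOF'
Sep 29 10:04:01 host sshd[2311]: Failed password for root from 10.0.0.9 port 40112 ssh2
Sep 29 10:04:03 host sshd[2311]: Failed password for root from 10.0.0.9 port 40113 ssh2
Sep 29 10:04:05 host sshd[2314]: Failed password for invalid user admin from 10.0.0.9 port 40114 ssh2
Sep 29 10:04:20 host sshd[2320]: Failed password for alice from 10.0.0.5 port 51002 ssh2
Sep 29 10:04:25 host sshd[2320]: Accepted password for alice from 10.0.0.5 port 51002 ssh2
Sep 29 10:05:00 host su: pam_unix(su:session): session opened for user root by alice(uid=1000)
EOF
}

# Usage on a mounted image: scan_httpd_log /mnt/suspecthost/var/log/httpd/access_log
#                           failed_logins  /mnt/suspecthost/var/log/secure
```

A 200 status on a traversal request (the second constructed line) is the one that matters: the file was served. Correlate its timestamp with the timeline and with the first "Accepted" login from the same address.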

31 Examine Account Information

32 Trust Relationship Configuration Files

33 Invisible Files and Directories

Find hidden (dot) files and directories; cat -A makes names with spaces or control characters visible:
  find . -type d -name '.*' -print0 | cat -A
Search for SUID root executables:
  find / -user root -perm -4000 -print0 | xargs -0 ls -l
Search for SGID programs:
  find / -perm -2000 -print0 | xargs -0 ls -l
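The three searches above wrapped as functions that take a root directory, so they can be pointed at a mounted image (/mnt/suspecthost) rather than the live "/". This is an added example, not code from the slides; it assumes POSIX sh with find, ls, tr and wc. The NUL-separated handling is there because attackers choose names like ". ", "..." or ones containing a newline precisely to defeat whitespace-splitting tools.

```shell
#!/bin/sh
# Added example: hidden-entry, setuid and setgid audit of a directory tree.
# Assumes POSIX sh plus find, ls, tr, wc.

# find_hidden ROOT: every entry whose name starts with "." below ROOT,
# NUL-terminated so names with spaces or newlines survive.
find_hidden() {
    find "$1" -mindepth 1 -name '.*' -print0
}

# find_setuid ROOT: regular files with the set-user-ID bit. Add "-user root"
# (as on the slide) to restrict to the root-owned ones that matter most.
find_setuid() {
    find "$1" -type f -perm -4000 -print0
}

# find_setgid ROOT: regular files with the set-group-ID bit.
find_setgid() {
    find "$1" -type f -perm -2000 -print0
}

# count_nul: number of NUL-terminated records on stdin. "wc -l" would
# miscount a name that contains a newline.
count_nul() {
    tr -dc '\000' | wc -c | tr -d ' '
}

count_hidden() { find_hidden "$1" | count_nul; }
count_setuid() { find_setuid "$1" | count_nul; }
count_setgid() { find_setgid "$1" | count_nul; }

# audit_tree ROOT: human-readable report. -exec ... {} + runs ls once per
# batch and runs nothing at all when there are no matches (unlike xargs,
# which would list "." on empty input).
audit_tree() {
    echo "== hidden entries under $1"
    find "$1" -mindepth 1 -name '.*' -exec ls -ld -- {} +
    echo "== setuid files under $1"
    find "$1" -type f -perm -4000 -exec ls -l -- {} +
    echo "== setgid files under $1"
    find "$1" -type f -perm -2000 -exec ls -l -- {} +
}

# Usage on a mounted image: audit_tree /mnt/suspecthost
# Diff the setuid list against a clean install of the same release; a new
# setuid copy of sh, find or a "ls" in /tmp is a classic backdoor.
```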

34 Signs of Intrusion in /tmp

35 Verifying crontab and at jobs

36 Signs that an Executable File Deserves a Closer Look

37 Shell and Application History

sh: .sh_history
csh: .history
ksh: .sh_history
bash: .bash_history
tcsh: .history

38 Signs of Hostile Processes

39 Levels of System Compromise

40 RootKit

Purposes: increase privileges; hide activities, i.e. manipulate the environment and hide evidence; gather information; extend attacks to further systems.
One example: loadable kernel module (LKM) rootkits.

41-47 RootKit Content

48 KSTAT Utility

kstat -s: display the system call table (compare the addresses against a known-good table to spot hooked system calls)

49 Detecting Trojan LKMs on a Live System

Detecting trojan LKMs on a live system is complicated: these modules intercept system calls, so the tools you run on the box may be lied to.
Port 2222 open: the default Adore LKM port.

50 Miscellaneous

To list the applications associated with open ports: netstat -anp
To determine whether a sniffer is running on a system (interface in promiscuous mode): ifconfig eth0 and look for the PROMISC flag
/proc/<pid>/fd: all the files a process has open
/proc/<pid>/cmdline: the command-line arguments

51 Miscellaneous

lsof (list open files) lists processes with all their open files, network ports, current directories, and other filesystem-related information. An open file can be a regular file, a directory, a library, a stream, or a network socket.
Examples (as root):
  lsof -p <PID_of_sshd>
  lsof -i: show all processes with active network ports

52 Miscellaneous

ltrace: library-call monitoring, e.g. ltrace date > /dev/null shows a fragment of the library-call trace of the date command
strace: system-call monitoring, e.g. strace date > /dev/null
sysctl: read/write access to kernel configuration parameters and other data, e.g. sysctl -a
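An added example (not from the slides) that does by hand what the netstat/lsof//proc checks on slides 50 and 51 are used for: it walks a /proc tree and flags processes whose executable was deleted after launch (a common trait of droppers and rootkit loaders) or that run out of scratch space such as /tmp or /dev/shm. It takes the proc root as an argument so it can be exercised on a constructed tree; pass /proc on a live host. It assumes POSIX sh with readlink, tr and sed. As slide 49 says, a kernel rootkit can lie to /proc, so run this from a trusted static toolset and treat a clean result as weak evidence.

```shell
#!/bin/sh
# Added example: heuristic scan of /proc for hostile-looking processes.
# Assumes POSIX sh plus readlink, tr, sed. PROCROOT is /proc on a live host.

# proc_cmdline PROCROOT PID: the NUL-separated argv rendered with spaces.
proc_cmdline() {
    tr '\0' ' ' < "$1/$2/cmdline" 2>/dev/null | sed 's/ $//'
}

# proc_link PROCROOT PID NAME: target of /proc/PID/NAME (exe, cwd) read with
# readlink rather than resolved, so the " (deleted)" suffix the kernel appends
# to a removed executable survives. "?" when unreadable (other users' processes).
proc_link() {
    readlink "$1/$2/$3" 2>/dev/null || echo '?'
}

# is_suspicious PROCROOT PID: exit 0 if the process trips a heuristic.
is_suspicious() {
    exe=$(proc_link "$1" "$2" exe)
    cwd=$(proc_link "$1" "$2" cwd)
    case "$exe" in
        *' (deleted)') return 0 ;;                                  # binary removed after exec
        /tmp|/tmp/*|/dev/shm|/dev/shm/*|/var/tmp|/var/tmp/*) return 0 ;;  # executing from scratch space
    esac
    case "$cwd" in
        /tmp|/tmp/*|/dev/shm|/dev/shm/*|/var/tmp|/var/tmp/*) return 0 ;;
    esac
    return 1
}

# suspicious_pids PROCROOT: PIDs that trip a heuristic, one per line.
suspicious_pids() {
    for d in "$1"/[0-9]*; do
        [ -d "$d" ] || continue
        pid=${d##*/}
        is_suspicious "$1" "$pid" && echo "$pid"
    done
}

# report PROCROOT: one line per flagged process with exe, cwd and argv,
# to be cross-checked against netstat -anp and lsof -p <pid>.
report() {
    suspicious_pids "$1" | while read -r pid; do
        printf '%s exe=%s cwd=%s argv=%s\n' "$pid" \
            "$(proc_link "$1" "$pid" exe)" "$(proc_link "$1" "$pid" cwd)" \
            "$(proc_cmdline "$1" "$pid")"
    done
}

# Usage on a live host (as root): report /proc
```

The argv shown by ps comes from the same /proc/<pid>/cmdline and is writable by the process itself, which is why a process calling itself "[kworker]" deserves a look at exe and fd/ rather than trust.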

53 Prepare Analysis Machines

Boot into Knoppix-STD (or your favorite Linux OS with all the right tools).

54 A Summary of the Steps in a Unix Investigation

Review all pertinent logs
Perform keyword searches
Review relevant files
Identify unauthorized user accounts or groups
Identify rogue processes
Check for unauthorized access points
Analyze trust relationships
Check for kernel module rootkits

55 Compromising a Unix Host

56 Typical Attack Host Exploits

57 Attack Steps

Target identification
Intelligence gathering: password sniffing and guessing
Initial compromise: compromise a network service
Privilege escalation: gain root access
Reconnaissance: attackers perform their own forensic examination, look for security programs, and analyze system and user activities
Covering the tracks: the system is owned; gain administrative access, clean the tracks, and prepare a return path


More information

INASP: Effective Network Management Workshops

INASP: Effective Network Management Workshops INASP: Effective Network Management Workshops Linux Familiarization and Commands (Exercises) Based on the materials developed by NSRC for AfNOG 2013, and reused with thanks. Adapted for the INASP Network

More information

Unix Administration. Contents. David Malone. March 20, 2001. 1 The Function of the Unix Administrator 1. 2 Basic Unix Objects 2

Unix Administration. Contents. David Malone. March 20, 2001. 1 The Function of the Unix Administrator 1. 2 Basic Unix Objects 2 Unix Administration David Malone March 20, 2001 Contents 1 The Function of the Unix Administrator 1 2 Basic Unix Objects 2 3 Useful Tools for the administrator 4 4 Startup, Shutdown and Rebooting 5 4.1

More information

Design and Implementation of a Live-analysis Digital Forensic System

Design and Implementation of a Live-analysis Digital Forensic System Design and Implementation of a Live-analysis Digital Forensic System Pei-Hua Yen Graduate Institute of Information and Computer Education, National Kaohsiung Normal University, Taiwan amber8520@gmail.com

More information

An Oracle White Paper May 2010. How to Eliminate Web Page Hijacking Using Oracle Solaris 10 Security

An Oracle White Paper May 2010. How to Eliminate Web Page Hijacking Using Oracle Solaris 10 Security An Oracle White Paper May 2010 How to Eliminate Web Page Hijacking Using Oracle Solaris 10 Security Introduction... 1 Oracle Solaris Security: Overview... 2 Oracle Solaris User and Process Rights Management...

More information

Setup software RAID1 array on running CentOS 6.3 using mdadm. (Multiple Device Administrator) 1. Gather information about current system.

Setup software RAID1 array on running CentOS 6.3 using mdadm. (Multiple Device Administrator) 1. Gather information about current system. Setup software RAID1 array on running CentOS 6.3 using mdadm. (Multiple Device Administrator) All commands run from terminal as super user. Default CentOS 6.3 installation with two hard drives, /dev/sda

More information

Computer Forensics using Open Source Tools

Computer Forensics using Open Source Tools Computer Forensics using Open Source Tools COMP 5350/6350 Digital Forensics Professor: Dr. Anthony Skjellum TA: Ananya Ravipati Presenter: Rodrigo Sardinas Overview Use case explanation Useful Linux Commands

More information

Procedure to Create and Duplicate Master LiveUSB Stick

Procedure to Create and Duplicate Master LiveUSB Stick Procedure to Create and Duplicate Master LiveUSB Stick A. Creating a Master LiveUSB stick using 64 GB USB Flash Drive 1. Formatting USB stick having Linux partition (skip this step if you are using a new

More information

SIOS Protection Suite for Linux v8.3.0. Postfix Recovery Kit Administration Guide

SIOS Protection Suite for Linux v8.3.0. Postfix Recovery Kit Administration Guide SIOS Protection Suite for Linux v8.3.0 Postfix Recovery Kit Administration Guide July 2014 This document and the information herein is the property of SIOS Technology Corp. (previously known as SteelEye

More information

Command Line - Part 1

Command Line - Part 1 Command Line - Part 1 STAT 133 Gaston Sanchez Department of Statistics, UC Berkeley gastonsanchez.com github.com/gastonstat Course web: gastonsanchez.com/teaching/stat133 GUIs 2 Graphical User Interfaces

More information

EC-Council Ethical Hacking and Countermeasures

EC-Council Ethical Hacking and Countermeasures EC-Council Ethical Hacking and Countermeasures Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.

More information

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder. CMSC 355 Lab 3 : Penetration Testing Tools Due: September 31, 2010 In the previous lab, we used some basic system administration tools to figure out which programs where running on a system and which files

More information

NATIONAL POPULATION REGISTER (NPR)

NATIONAL POPULATION REGISTER (NPR) NATIONAL POPULATION REGISTER (NPR) Project Name: NPR Version No: 1.0.0 Release Date: Group Name: NPR-ECIL Version Date: LINUX SERVER INSTALLATION AND CONFIGURATION FOR JAVA BASED NPR DATAENTRY SOFTWARE

More information

Advanced Linux System Administration on Red Hat

Advanced Linux System Administration on Red Hat Advanced Linux System Administration on Red Hat Kenneth Ingham September 29, 2009 1 Course overview This class is for people who are familiar with basic Linux administration (i.e., they know users, packages,

More information

Linux Kernel Architecture

Linux Kernel Architecture Linux Kernel Architecture Amir Hossein Payberah payberah@yahoo.com Contents What is Kernel? Kernel Architecture Overview User Space Kernel Space Kernel Functional Overview File System Process Management

More information

CS 377: Operating Systems. Outline. A review of what you ve learned, and how it applies to a real operating system. Lecture 25 - Linux Case Study

CS 377: Operating Systems. Outline. A review of what you ve learned, and how it applies to a real operating system. Lecture 25 - Linux Case Study CS 377: Operating Systems Lecture 25 - Linux Case Study Guest Lecturer: Tim Wood Outline Linux History Design Principles System Overview Process Scheduling Memory Management File Systems A review of what

More information

Lab 1: Introduction to the network lab

Lab 1: Introduction to the network lab CSCI 312 - DATA COMMUNICATIONS AND NETWORKS FALL, 2014 Lab 1: Introduction to the network lab NOTE: Be sure to bring a flash drive to the lab; you will need it to save your data. For this and future labs,

More information

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation Computer Forensics and Digital Investigation Computer Security EDA263, lecture 14 Ulf Larson Lecture outline! Introduction to Computer Forensics! Digital investigation! Conducting a Digital Crime Scene

More information

Introduction to Mac OS X

Introduction to Mac OS X Introduction to Mac OS X The Mac OS X operating system both a graphical user interface and a command line interface. We will see how to use both to our advantage. Using DOCK The dock on Mac OS X is the

More information

Digital Forensics Tutorials Acquiring an Image with Kali dcfldd

Digital Forensics Tutorials Acquiring an Image with Kali dcfldd Digital Forensics Tutorials Acquiring an Image with Kali dcfldd Explanation Section Disk Imaging Definition Disk images are used to transfer a hard drive s contents for various reasons. A disk image can

More information

The current version installed on your server is 2.6.32-431.5.1.el6.x86_64 and it's the latest available.

The current version installed on your server is 2.6.32-431.5.1.el6.x86_64 and it's the latest available. IP : nnn.nnn.nnn.n 173.255.141.4 Hostname : example.domain.com webserver.theewfinc.org OS : CentOS release 6.6 (Final) The following is a report on the security and performance of your server. It includes

More information

System Security Fundamentals

System Security Fundamentals System Security Fundamentals Alessandro Barenghi Dipartimento di Elettronica, Informazione e Bioingegneria Politecnico di Milano alessandro.barenghi - at - polimi.it April 28, 2015 Lesson contents Overview

More information

MySQL Backups: From strategy to Implementation

MySQL Backups: From strategy to Implementation MySQL Backups: From strategy to Implementation Mike Frank Senior Product Manager 1 Program Agenda Introduction The 5 Key Steps Advanced Options References 2 Backups are a DBAs Top Priority Be Prepared

More information

Cloud Storage Client Application Evidence Analysis on UNIX/Linux

Cloud Storage Client Application Evidence Analysis on UNIX/Linux Int'l Conf. Security and Management SAM'15 111 Cloud Storage Client Application Evidence Analysis on UNIX/Linux R. Malik 1, N. Shashidhar 1, and L. Chen 2 1 Department of Computer Science, Sam Houston

More information

Chapter 7: Unix Security. Chapter 7: 1

Chapter 7: Unix Security. Chapter 7: 1 Chapter 7: Unix Security Chapter 7: 1 Objectives Understand the security features provided by a typical operating system. Introduce the basic Unix security model. See how general security principles are

More information

Contents III: Contents II: Contents: Rule Set Based Access Control (RSBAC) 4.2 Model Specifics 5.2 AUTH

Contents III: Contents II: Contents: Rule Set Based Access Control (RSBAC) 4.2 Model Specifics 5.2 AUTH Rule Set Based Access Control (RSBAC) Linux Kernel Security Extension Tutorial Amon Ott Contents: 1 Motivation: Why We Need Better Security in the Linux Kernel 2 Overview of RSBAC 3 How

More information

Forensic Acquisition and Analysis of VMware Virtual Hard Disks

Forensic Acquisition and Analysis of VMware Virtual Hard Disks Forensic Acquisition and Analysis of VMware Virtual Hard Disks Manish Hirwani, Yin Pan, Bill Stackpole and Daryl Johnson Networking, Security and Systems Administration Rochester Institute of Technology

More information

Audit Trail Administration

Audit Trail Administration Audit Trail Administration 0890431-030 August 2003 Copyright 2003 by Concurrent Computer Corporation. All rights reserved. This publication or any part thereof is intended for use with Concurrent Computer

More information

Creating a Disk Drive For Linux

Creating a Disk Drive For Linux Storage Presenter:! Robert Wang Linux s Abstraction (vfs) (file systems) (physical devices) Storage Device Disk Drive Multiple Drives RAID! Redundant Array of Independent/Inexpensive Disks! Software or

More information