Unix/Linux Forensics 1
- Jonathan Powers
- 8 years ago
Slide 2: Simple Linux Commands
- date: display the date
- ls: list the files in the current directory
- more: display files one screen at a time
- cat: display the contents of a file
- wc: display the lines, words, and characters in a file
- cp, mv, rm, pwd, mkdir, cd, rmdir, chmod
- head: show the first few lines of a file
- file: determine a file's type
- tail: show the last few lines of a file
- cal: display a calendar
- kill: terminate a running command
- lpr: send a job to the printer
- grep: search a file for a specific pattern
- chmod: change file permissions
- fdisk, mount, cat /etc/fstab, last

Slide 3: Basic Concepts
- shell, shell scripts
- background and foreground: &, Ctrl-Z, bg, fg, jobs
- environment variables: env
- passwd

Slide 4: The Linux Filesystem Layout
The basic layout of the filesystem starts with the root directory.
- root directory: the base of the file system's tree structure
- /bin: binary files for the OS
- /dev: the device files
- /etc: system configuration files
- /sbin: system administrative binaries
- /home: conventional location for users' home directories
- lost+found: storage for recovered files

Slide 5: Commonly Used Commands/Concepts
- mount/umount
- ls (different options)
- ln, df, tree
- chmod, chown, chgrp
- find, tar, gzip, dd, stat

Slide 6: Commonly Used Commands/Concepts
- cksum: checksum and count the bytes in a file
- sum: checksum and count the blocks in a file
- diff: list each line that differs between two files
- strings

Slide 7: Commonly Used Commands/Concepts
- Every file is managed by a data structure called an inode: file location and size; owner and permissions; time of creation, time of last access, time of last modification
- stat
- SUID root: set user ID

Slide 8: Ext2 Inode (diagram only, not transcribed)

Slide 9: Network Information System
- /etc/nsswitch.conf
- yppasswd

Slide 10: Shared System Files (title only)

Slide 11: Four Basic Steps
- Collect
- Preserve
- Analyze
- Present (report)

Slide 12: Investigating a Unix Host
- Filesystem integrity-checking program: Tripwire
- TCT
- Examining hacked Unix systems: netcat

Slide 13: Order of Volatility
The more volatile the data is, the more difficult it is to capture, and the less time you have to do it. In descending order of volatility:
- CPU storage
- System storage
- Kernel tables
- Fixed media
- Removable media
- Paper printouts

Slide 14: TCT (1)
- TCT: The Coroner's Toolkit
- Mostly Perl, but some C as well
- A STATIC tool: changes to the filesystem during analysis will NOT be noticed by TCT
- You MUST isolate the system under investigation

Slide 15: TCT (2)
Four major parts:
- grave-robber: captures forensic data
- The C-tools (ils, icat, pcat, file, etc.):
  - pcat: low-level memory utility that copies process memory (pcat PID > file)
  - file: determine file type
  - icat: copies files by inode number
  - ils: lists inode info (usually for removed files)
- lazarus: creates structure from unstructured data
- mactime: reports on the times of files

Slide 16: The C-tools (ils, icat, pcat, file, etc.)
- pcat gathers process memory from a live system
- ils gathers inode information: ./ils /dev/sda6
- icat copies files by inode to standard output: ./icat /dev/sda <inode> (you can use stat to obtain the inode number)
- file determines file type

Slide 17: lazarus
- Classifies raw information for analysis (brings back info from the dead)
- Works on unallocated data blocks with no referring inode

Slide 18: mactime
- Three times on an ext filesystem: Modification time, Access time, Change time
- Collects information on all three times for specific files: ./mactime -d /root/download/tct-1.16/bin -y 9/29/

Slide 19: Be Nice to Your MAC Times
- MAC times are sensitive to changes within the system
- Running a single command may change the last Access time of a file
- Grab MAC time info before running any further commands on the system
- You'll use this info to create a timeline of activity
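The timeline idea from slides 18 and 19, as an added example that is not part of the slides: a mactime-style body built with GNU find's -printf rather than TCT's mactime, one row per M, A or C timestamp so the rows sort into a single sequence of events. It assumes GNU find, sort and date; timeline_rows, timeline and make_demo_tree are this example's own names.

```shell
#!/bin/sh
# Added example (not from the slides): a mactime-style timeline from stat data.
# Only metadata is read, so running it does not itself bump any access times,
# which is the concern raised on the "Be nice to your MAC times" slide.
set -eu

# timeline_rows ROOT: prints "EPOCH|KIND|PATH" rows, oldest first.
# KIND is m (content modified), a (last accessed) or c (inode changed).
# GNU find prints fractional seconds ("1072915200.0000000000"); sed drops them.
timeline_rows() {
    find "$1" -type f -printf '%T@|m|%p\n%A@|a|%p\n%C@|c|%p\n' \
        | sed 's/^\([0-9]*\)\.[0-9]*|/\1|/' \
        | sort -t'|' -k1,1n -k2,2 -k3,3
}

# timeline ROOT: the same rows with the epoch rendered as UTC for a report.
timeline() {
    timeline_rows "$1" | while IFS='|' read -r epoch kind path; do
        printf '%s  %s  %s\n' \
            "$(date -u -d "@$epoch" '+%Y-%m-%d %H:%M:%S')" "$kind" "$path"
    done
}

# make_demo_tree: a constructed tree (not real evidence) whose M and A times
# are back-dated with touch. The C time cannot be set from user space, so the
# "c" rows stay at "now": a back-dated file still carries a fresh ctime, which
# is exactly what a timeline makes visible. Prints the directory path.
make_demo_tree() {
    d=$(mktemp -d)
    : > "$d/config"
    : > "$d/notes"
    touch -m -d '2004-01-01 00:00:00 UTC' "$d/config"   # M time
    touch -a -d '2004-01-02 00:00:00 UTC' "$d/config"   # A time
    touch -m -d '2004-01-03 00:00:00 UTC' "$d/notes"
    touch -a -d '2004-01-04 00:00:00 UTC' "$d/notes"
    printf '%s\n' "$d"
}
```

Run `timeline "$(make_demo_tree)"` to see the four back-dated rows followed by the two ctime rows dated today.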
Slide 20: Sleuth Kit
- Expands TCT
- Provides low- and high-level access to *nix and Windows filesystems

Slide 21: The Sleuth Kit File System Tools
- File system category
- Content category:
  - dls -f ext -e -l sda6.img (lists data units; a: the data unit is allocated, f: the data unit is unallocated)
  - dcat -f ext sda6.img 23456: view the contents of any data unit
- Metadata category: includes the data that describe a file, for example temporal information, the addresses of the data units, and the size of the file
  - istat -f ext sda6.img <inode>: get the specific metadata entry
  - ils -f ext -e sda6.img: list the details of several metadata structures
  - icat -f ext sda6.img 31: view the contents of the file by metadata address instead of by file name

Slide 22: The Sleuth Kit
- File name category: includes the data that associates a name with a metadata entry
  - fls: list file names in a given directory
  - ffind: list which file name corresponds to a given metadata address
- Application category: a file system journal records updates to the file system so that it can be recovered more quickly after a crash
  - jls: list the contents of the journal and show which file system blocks are saved in the journal blocks
- Multiple category:
  - mactime: takes temporal data from fls and ils to produce a timeline of file activity

Slide 23: The Sleuth Kit
- Searching tools: sigfind finds a binary signature in a file
- Disk tools: disk_stat
- Volume system tools

Slide 24: Autopsy
- Developed to automate the investigation process when TSK is being used

Slide 25: Capture Filesystem
- Imaging utilities
- Wipe the analysis drive first: dd if=/dev/zero of=/dev/fd0
- One more example, imaging a partition in three pieces over the network (ports, block counts and the collection host's address are not given on the slide; placeholders in angle brackets):
  On the collection host:
    nc -l -p <port1> > suspect.hdb5.image.1of3 &
    nc -l -p <port2> > suspect.hdb5.image.2of3 &
    nc -l -p <port3> > suspect.hdb5.image.3of3 &
  On the suspect host:
    dd if=/dev/hdb5 count=<N> bs=1024 | nc -w 3 <collection-host> <port1>
    dd if=/dev/hdb5 skip=<N> count=<N> bs=1024 | nc -w 3 <collection-host> <port2>
    dd if=/dev/hdb5 skip=<2N> count=<N> bs=1024 | nc -w 3 <collection-host> <port3>
  Reassemble on the collection host:
    cat suspect.hdb5.image.1of3 >> suspect.hdb5.image
    cat suspect.hdb5.image.2of3 >> suspect.hdb5.image
    cat suspect.hdb5.image.3of3 >> suspect.hdb5.image

Slide 26: md5
- Create the hash value of the collected data and record it
- md5 from TCT: md5 /dev/sda6
- Verify the image file on the collection host

Slide 27: Accessing Captured Filesystems for Examination
- Copy the image into a partition that is the same size as the image (partition cleaned using dd)
- Another approach:
    mkdir /mnt/suspecthost
    mount -t ext2 -o ro,loop=/dev/loop0 suspect.hdb5.image /mnt/suspecthost
- Treat it like any other filesystem
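The split-image procedure of slide 25 together with the hash check of slide 26, as an added example that is not part of the slides: the pieces are cut with dd skip/count, joined with cat in order, and the result is compared against a hash taken from the source before imaging. The nc transfer is replaced by local files so it runs offline, and md5sum from coreutils stands in for TCT's md5; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the slides): piecewise dd imaging with hash verification.
set -eu

BS=1024   # block size used by every dd call, as on the slide
CHUNK=4   # blocks per piece (the slide's "count"); small so the demo is quick

# hash_source PATH: hash recorded with the evidence BEFORE the image is taken.
hash_source() {
    md5sum "$1" | awk '{print $1}'
}

# image_in_pieces SRC PREFIX: writes SRC as PREFIX.1ofN, PREFIX.2ofN, ...
# using dd skip/count exactly like the slide's three-way split; prints N.
# On the slide each dd is piped to nc instead of written to a local file.
image_in_pieces() {
    src=$1; prefix=$2
    size=$(wc -c < "$src")
    n=$(( (size + BS*CHUNK - 1) / (BS*CHUNK) ))   # pieces, rounding up
    i=1
    while [ "$i" -le "$n" ]; do
        skip=$(( (i - 1) * CHUNK ))
        dd if="$src" of="${prefix}.${i}of${n}" bs="$BS" skip="$skip" count="$CHUNK" 2>/dev/null
        i=$((i + 1))
    done
    echo "$n"
}

# reassemble PREFIX N OUT: "cat piece >> image" in order, as on the slide.
reassemble() {
    prefix=$1; n=$2; out=$3
    : > "$out"
    i=1
    while [ "$i" -le "$n" ]; do
        cat "${prefix}.${i}of${n}" >> "$out"
        i=$((i + 1))
    done
}

# verify_image IMAGE EXPECTED_HASH: succeeds only if the image hashes as expected.
verify_image() {
    [ "$(hash_source "$1")" = "$2" ]
}

# demo_split_image: a constructed 10 KiB "device" (random bytes, not a real disk)
# imaged in pieces, reassembled and verified. 10 blocks is not a multiple of
# CHUNK, so the last piece is short; dd just writes fewer blocks for it.
# Prints "OK pieces=N md5=..." or "MISMATCH pieces=N".
demo_split_image() {
    work=$(mktemp -d)
    dd if=/dev/urandom of="$work/hdb5" bs="$BS" count=10 2>/dev/null
    expected=$(hash_source "$work/hdb5")
    n=$(image_in_pieces "$work/hdb5" "$work/suspect.hdb5.image")
    reassemble "$work/suspect.hdb5.image" "$n" "$work/suspect.hdb5.image"
    if verify_image "$work/suspect.hdb5.image" "$expected"; then
        echo "OK pieces=$n md5=$expected"
    else
        echo "MISMATCH pieces=$n"
    fi
    rm -rf "$work"
}
```

Call `demo_split_image` to run it; a single byte appended to the image makes verify_image fail, which is what recording the hash up front buys you.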
Slide 28: Logs
- /etc/syslog.conf

Slide 29: Logs (title only)

Slide 30: Logs
- /var/log/secure: authpriv.*
- HTTP: /var/log/httpd/*, e.g. grep passwd /var/log/httpd/*

Slide 31: Examine Account Information (title only)

Slide 32: Trust Relationship Configuration Files (title only)

Slide 33: Invisible Files and Directories
- Find invisible files and directories: find . -type d -name '.*' -print0 | cat -A
- Search for SUID root executables: find / -user root -perm -4000 -print0 | xargs -0 ls -l
- Search for SGID programs: find / -perm -2000 -print0 | xargs -0 ls -l
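The three sweeps from slide 33, as an added example that is not part of the slides: each find is wrapped in a function that emits one path per line so the results can be counted and checked, plus a report in the slide's -print0 | xargs -0 ls -l form. It assumes GNU find and xargs; hidden_dirs, suid_files, sgid_files, report and make_demo_perm_tree are this example's own names.

```shell
#!/bin/sh
# Added example (not from the slides): hidden-directory, SUID and SGID sweeps.
set -eu

# hidden_dirs ROOT: directories whose name begins with a dot, anywhere below ROOT
# (the slide's "find . -type d -name '.*'"; -mindepth 1 keeps ROOT itself out).
hidden_dirs() {
    find "$1" -mindepth 1 -type d -name '.*' -print
}

# suid_files ROOT [USER]: regular files with the set-user-ID bit (mode 4000).
# With USER given, only files owned by that user; the slide uses root.
suid_files() {
    if [ -n "${2:-}" ]; then
        find "$1" -type f -user "$2" -perm -4000 -print
    else
        find "$1" -type f -perm -4000 -print
    fi
}

# sgid_files ROOT: regular files with the set-group-ID bit (mode 2000).
sgid_files() {
    find "$1" -type f -perm -2000 -print
}

# count_lines: wc -l pads its output on some systems, so strip the spaces.
count_lines() {
    wc -l | tr -d ' '
}

# report ROOT: the slide's form, one "ls -l" listing per sweep.
# xargs -r (GNU) skips ls when a sweep finds nothing.
report() {
    echo "== hidden directories under $1"
    find "$1" -mindepth 1 -type d -name '.*' -print0 | xargs -0 -r ls -ld
    echo "== SUID files under $1"
    find "$1" -type f -perm -4000 -print0 | xargs -0 -r ls -l
    echo "== SGID files under $1"
    find "$1" -type f -perm -2000 -print0 | xargs -0 -r ls -l
}

# make_demo_perm_tree: a constructed tree (not a real host) with one hidden
# directory holding a SUID file and one SGID file elsewhere; prints its path.
# The bits are set on files the caller owns, which needs no root privilege.
make_demo_perm_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/.rk" "$d/normal"
    : > "$d/.rk/sh";        chmod 4755 "$d/.rk/sh"        # SUID
    : > "$d/normal/tool";   chmod 2755 "$d/normal/tool"   # SGID
    : > "$d/normal/readme"                                # plain file
    printf '%s\n' "$d"
}
```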
Slide 34: Signs of Intrusion in /tmp (title only)

Slide 35: Verifying crontab and at Jobs (title only)

Slide 36: Signs that an Executable File Deserves a Closer Look (title only)

Slide 37: Shell and Application History
- sh: .sh_history
- csh: .history
- ksh: .sh_history
- bash: .bash_history
- tcsh: .history

Slide 38: Signs of Hostile Processes (title only)

Slide 39: Levels of System Compromise (title only)

Slide 40: RootKit
- Increase privileges
- Hide activities: manipulate the environment and hide evidence
- Gather information: to extend attacks
- One example: loadable kernel modules (LKM)

Slides 41-47: RootKit Content (titles only, content not transcribed)

Slide 48: KSTAT Utility
- kstat -s: display the system call table

Slide 49: Detecting Trojan LKMs on a Live System
- Complicated: these tools intercept system calls
- Port 2222 is open: the default Adore LKM port

Slide 50: Miscellaneous
- To list the applications associated with open ports: netstat -anp
- To determine whether a sniffer is running on a system (promiscuous mode): ifconfig eth0
- /proc/<pid>/fd subdirectory: all the files a process has opened
- /proc/<pid>/cmdline: the command-line arguments

Slide 51: Miscellaneous
- lsof (list open files): lists processes with all their open files, network ports, current directories, and other file-system-related information
- An open file can be a regular file, a directory, a library, a stream, or a network socket
- Example, as root: lsof -p PID_of_SSHD
- lsof -i: show all processes with active network ports

Slide 52: Miscellaneous
- ltrace: library call monitoring: ltrace date > /dev/null shows a fragment of a library-call trace of the date command
- strace: system call monitoring: strace date > /dev/null
- sysctl: read/write access to kernel configuration parameters and other data: sysctl -a

Slide 53: Prepare Analysis Machines
- Boot into Knoppix-STD (or your favorite Linux OS with all the right tools)

Slide 54: A Summary of the Steps in a Unix Investigation
- Review all pertinent logs
- Perform keyword searches
- Review relevant files
- Identify unauthorized user accounts or groups
- Identify rogue processes
- Check for unauthorized access points
- Analyze trust relationships
- Check for kernel module rootkits

Slide 55: Compromising a Unix Host (title only)

Slide 56: Typical Attack Host Exploits (title only)

Slide 57: Attack Steps
- Target identification: intelligence gathering; password sniffing and guessing; compromise of a network service
- Initial compromise
- Privilege escalation: gain root access
- Reconnaissance: attackers perform their own forensic examination, look for security programs, and analyze system and user activities
- Covering the tracks: on a system that is owned, gain administrative access, clean the tracks, and prepare a return path
More informationLecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation
Computer Forensics and Digital Investigation Computer Security EDA263, lecture 14 Ulf Larson Lecture outline! Introduction to Computer Forensics! Digital investigation! Conducting a Digital Crime Scene
More informationIntroduction to Mac OS X
Introduction to Mac OS X The Mac OS X operating system both a graphical user interface and a command line interface. We will see how to use both to our advantage. Using DOCK The dock on Mac OS X is the
More informationDigital Forensics Tutorials Acquiring an Image with Kali dcfldd
Digital Forensics Tutorials Acquiring an Image with Kali dcfldd Explanation Section Disk Imaging Definition Disk images are used to transfer a hard drive s contents for various reasons. A disk image can
More informationThe current version installed on your server is 2.6.32-431.5.1.el6.x86_64 and it's the latest available.
IP : nnn.nnn.nnn.n 173.255.141.4 Hostname : example.domain.com webserver.theewfinc.org OS : CentOS release 6.6 (Final) The following is a report on the security and performance of your server. It includes
More informationSystem Security Fundamentals
System Security Fundamentals Alessandro Barenghi Dipartimento di Elettronica, Informazione e Bioingegneria Politecnico di Milano alessandro.barenghi - at - polimi.it April 28, 2015 Lesson contents Overview
More informationMySQL Backups: From strategy to Implementation
MySQL Backups: From strategy to Implementation Mike Frank Senior Product Manager 1 Program Agenda Introduction The 5 Key Steps Advanced Options References 2 Backups are a DBAs Top Priority Be Prepared
More informationCloud Storage Client Application Evidence Analysis on UNIX/Linux
Int'l Conf. Security and Management SAM'15 111 Cloud Storage Client Application Evidence Analysis on UNIX/Linux R. Malik 1, N. Shashidhar 1, and L. Chen 2 1 Department of Computer Science, Sam Houston
More informationChapter 7: Unix Security. Chapter 7: 1
Chapter 7: Unix Security Chapter 7: 1 Objectives Understand the security features provided by a typical operating system. Introduce the basic Unix security model. See how general security principles are
More informationContents III: Contents II: Contents: Rule Set Based Access Control (RSBAC) 4.2 Model Specifics 5.2 AUTH
Rule Set Based Access Control (RSBAC) Linux Kernel Security Extension Tutorial Amon Ott Contents: 1 Motivation: Why We Need Better Security in the Linux Kernel 2 Overview of RSBAC 3 How
More informationForensic Acquisition and Analysis of VMware Virtual Hard Disks
Forensic Acquisition and Analysis of VMware Virtual Hard Disks Manish Hirwani, Yin Pan, Bill Stackpole and Daryl Johnson Networking, Security and Systems Administration Rochester Institute of Technology
More informationAudit Trail Administration
Audit Trail Administration 0890431-030 August 2003 Copyright 2003 by Concurrent Computer Corporation. All rights reserved. This publication or any part thereof is intended for use with Concurrent Computer
More informationCreating a Disk Drive For Linux
Storage Presenter:! Robert Wang Linux s Abstraction (vfs) (file systems) (physical devices) Storage Device Disk Drive Multiple Drives RAID! Redundant Array of Independent/Inexpensive Disks! Software or
More information