Unix and Linux forensic analysis DVD toolkit

This book addresses topics in the area of forensic analysis of systems running on variants of the UNIX operating system, which is the choice of hackers for their attack platforms. According to a 2007 IDC report, UNIX servers account for the second-largest segment of spending (behind Windows) in the...

Bibliographic Details
Main author: Pogue, Chris
Other authors: Altheide, Cory, Haverkos, Todd
Format: Electronic book
Language: English
Published: Burlington, MA : Syngress Publishing, c2008.
Edition: 1st edition
Series: IT Pro
View in Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627662406719
Table of Contents:
  • Front Cover; Unix and Linux Forensic Analysis DVD Toolkit; Copyright Page; Co-Authors; Appendix Contributor; Contents; Chapter 1: Introduction; History; Target Audience; What is Covered; What is Not Covered; Chapter 2: Understanding Unix; Introduction; Unix, UNIX, Linux, and *nix; Linux Distributions; Get a Linux!; Booting Ubuntu Linux from the LiveCD; The Shell; All Hail the Shell; Essential Commands; Highlights of The Linux Security Model; The *nix File system Structure; Mount points: What the Heck are They?; File Systems; Ext2/Ext3; Summary; Chapter 3: Live Response: Data Collection
  • Introduction; Prepare the Target Media; Mount the Drive; Format the Drive; Format the Disk with the ext File System; Gather Volatile Information; Prepare a Case Logbook; Acquiring the Image; Preparation and Planning; DD; Bootable *nix ISOs; Helix; Knoppix; BackTrack 2; Insert; EnCase LinEn; FTK Imager; ProDiscover; Summary; Chapter 4: Initial Triage and Live Response: Data Analysis; Introduction; Initial Triage; Log Analysis; zgrep; Tail; More; Less; Keyword Searches; strings /proc/kcore -t d > /tmp/kcore_outfile; File and Directory Names; IP Addresses and Domain Names; Tool Keywords
  • Tricks of the Trade; User Activity; Shell History; Logged on Users; Network Connections; Running Processes; Open File Handlers; Summary; Chapter 5: The Hacking Top 10; Introduction; The Hacking Top Ten; Netcat; Reconnaissance Tools; Nmap; Nessus; Try it Out; Plug-ins; Ports; Target; Nikto; Wireshark; Canvas/Core Impact; The Metasploit Framework; Paros; hping2 - Active Network Smashing Tool; Ettercap; Summary; Chapter 6: The /Proc File System; Introduction; cmdline; cpuinfo; diskstats; driver/rtc; filesystems; kallsyms (ksyms); kcore; modules; mounts; partitions; sys/; uptime; version
  • Process IDs; cmdline; cwd; environ; exe; fd; loginuid; Putting It All Together; sysfs; modules; block; Chapter 7: File Analysis; The Linux Boot Process; init and runlevels; System and Security Configuration Files; Users, Groups, and Privileges; Cron Jobs; Log Files; Who; Where and What; Identifying Other Files of Interest; SUID and SGID Root Files; Recently Modified/Accessed/Created Files; Modified System Files; Out-of-Place inodes; Hidden Files and Hiding Places; Chapter 8: Malware; Introduction; Viruses; Storms on the Horizon; Do it Yourself with Panda and Clam; Download ClamAV
  • Install ClamAV; Updating Virus Database with Freshclam; Scanning the Target Directory; Download Panda Antivirus; Install Panda Antivirus; Scanning the Target Directory; Web References; Appendix A: Implementing Cybercrime Detection Techniques on Windows and *nix by Michael Cross; Introduction; Security Auditing and Log Files; Auditing for Windows Platforms; Auditing for UNIX and Linux Platforms; Firewall Logs, Reports, Alarms, and Alerts; Commercial Intrusion Detection Systems; Characterizing Intrusion Detection Systems; Commercial IDS Players; IP Spoofing and Other Antidetection Tactics
  • Honeypots, Honeynets, and Other "Cyberstings"