Examining the art of computer forensics

A Last Resort

If you are considering running binutils tools – for example, to extract the symbol table (with <nm), or even disassemble the machine code (objdump might help) – your mileage will vary. Usually, this technique is a last resort.

Conclusion

The simple strategies we've described might help you catch a thief in the act, but if the intruder is a seasoned professional, or if you need to worry about maintaining a formal, documented process for collecting evidence, you'll need something more.

Read on for more about the tools and techniques of computer forensics.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Memory Analysis

    In computer forensics, memory analysis is becoming increasingly important as a means for investigating security incidents. In this article, we provide an overview of the various memory dumping options on Linux and introduce the support in Linux for the Volatility Analysis Framework.

  • Caine

    Caine is a Linux distribution based on Ubuntu 10.04 for forensic scientists and security-conscious administrators. Poised to do battle against IT ne’er-do-wells, Caine has a comprehensive selection of software, a user-friendly GUI, and responsive support.

  • OCFA

    Automate the forensics process with the Dutch police department's Open Computer Forensics Architecture.

  • Honeynet

    Security-conscious admins can use a honeynet to monitor, log, and analyze intrusion techniques.

  • BackTrack and Sleuth Kit

    Once you determine a system has been attacked, boot to the BackTrack Live forensics distro and start your investigation with Sleuth Kit.

comments powered by Disqus

Direct Download

Read full article as PDF:

Tracing_Intruders_Intro.pdf  (459.19 kB)

News