Rescuing data from attackers

Data Rescue

Article from Issue 134/2012

Author(s): Kurt Seifried

When attackers strike your system, you need to determine exactly what damage has been done. Here are some tools to help.

Typically, when the term “data rescue” is mentioned, failed RAID arrays, accidentally deleted files, and corrupted backups come to mind. But, what happens when a break-in occurs and you need to find out how the attacker got in and how much damage has been done?

If you’re lucky (relatively speaking), the attacker will make changes to the filesystem. For example, in the recent kernel.org security breach, the OpenSSH binaries were replaced with ones that would log usernames, passwords, and keys, allowing the attacker to access additional systems. In theory, tools like AIDE or Tripwire should catch these modifications, but in practice this doesn’t always work.

Buy this article as PDF

Express-Checkout as PDF

Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES

Print Issues

Digital Issues

SUBSCRIPTIONS

Print Subs

Digisubs

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

News

TuxCare Announces Support for AlmaLinux 9.2

AlmaLinux , Enterprise Linux , Security

Thanks to TuxCare, AlmaLinux 9.2 (and soon version 9.6) now enjoys years of ongoing patching and compliance.
Go-Based Botnet Attacking IoT Devices

IoT , Security , Systemd

Using an SSH credential brute-force attack, the Go-based PumaBot is exploiting IoT devices everywhere.
Plasma 6.5 Promises Better Memory Optimization

Desktop , Linux , Plasma

With the stable Plasma 6.4 on the horizon, KDE has a few new tricks up its sleeve for Plasma 6.5.
KaOS 2025.05 Officially Qt5 Free

KDE , Linux , Operating Systems

If you're a fan of independent Linux distributions, the team behind KaOS is proud to announce the latest iteration that includes kernel 6.14 and KDE's Plasma 6.3.5.
Linux Kernel 6.15 Now Available

Kernel , Linux , Rust

The latest Linux kernel is now available with several new features/improvements and the usual bug fixes.
Microsoft Makes Surprising WSL Announcement

Linux , open source , Windows

In a move that might surprise some users, Microsoft has made Windows Subsystem for Linux open source.
Red Hat Releases RHEL 10 Early

Enterprise Linux , RHEL , Security

Red Hat quietly rolled out the official release of RHEL 10.0 a bit early.
openSUSE Joins End of 10

Linux , openSUSE , Windows

openSUSE has decided to not only join the End of 10 movement but it also will no longer support the Deepin Desktop Environment.
New Version of Flatpak Released

Flatpak , Linux , Security

Flatpak 1.16.1 is now available as the latest, stable version with various improvements.
IBM Announces Powerhouse Linux Server

Linux , Security , Server

IBM has unleashed a seriously powerful Linux server with the LinuxONE Emperor 5.

Rescuing data from attackers

Data Rescue

Buy this article as PDF

Buy Linux Magazine

Related content

Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

News

TuxCare Announces Support for AlmaLinux 9.2

Go-Based Botnet Attacking IoT Devices

Plasma 6.5 Promises Better Memory Optimization

KaOS 2025.05 Officially Qt5 Free

Linux Kernel 6.15 Now Available

Microsoft Makes Surprising WSL Announcement

Red Hat Releases RHEL 10 Early

openSUSE Joins End of 10

New Version of Flatpak Released

IBM Announces Powerhouse Linux Server

Rescuing data from attackers

Data Rescue

Buy this article as PDF

Buy Linux Magazine

Related content

Subscribe to our Linux Newsletters Find Linux and Open Source Jobs Subscribe to our ADMIN Newsletters

Support Our Work

News

Tag Cloud

Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters