By Chetan Gupta, NII Consulting
In accordance with NII’s mantra of innovation and research, we have developed our own tool to conduct initial response on compromised Linux systems. This tool is appropriately titled LINReS, which stands for “Linux INcident Response Script”. LINReS is a Live Response script designed to run on suspect/compromised Linux systems. LINReS […]
By Kush Wadhwa, NII Consulting
Welcome to the world of log analysis. Log analysis plays a crucial role in intrusion detection. If the compromised system is running on a Linux platform, one of the first steps the investigator will perform is the analysis of log files. Linux has the ability to store the logs of […]
By Chetan Gupta, NII Consulting
In my previous article on UserAssist, I had mentioned how UserAssist records user access of specific objects on the system and how it would greatly aid forensic investigations. Although I had shown how to decrypt the keys, the important thing that was missing was how to interpret the 16 bytes […]
By Chetan Gupta, NII Consulting
A small experiment… Create a new text file. Edit it using Notepad and type “Hello” in it. Save and exit the editor. Right-click the file and check its properties. Did you notice the two attributes “Size” and “Size on disk”? It looks something like this on my Windows XP system […]