Forensics on a hacked Linux box...

The Holliday cracking article (sic) shows how one guy walked through doing forensics on a box. The interesting part of this discussion is two-fold...

first - seeing what the cracker/hacker did to the Linux box
second - seeing the range of comments on Bruce Schneier's website about how the "forensics analyst" went about his analysis - i.e. what to do, what not to do
The take home message for this:
* No computer is truly safe
* When doing forensics, the techniques you use and the decisions you make are gonna be second guessed endlessly.


No comments: