Chapter 8. Step 8: Transferring Files
Perhaps you think you’ve found evidence of a system compromise, or you fear log files will be altered if you end up restarting services or the system itself. If you want to preserve files on another system so that someone more knowledgeable can look at them later, the commands in this chapter will come in handy.
Most commands in this report will not alter system state. However, the commands in this chapter and the next have the potential to do so. In this chapter, the commands to transfer files from the Linux system to another system for later analysis can also work in reverse—that is, transfer files to the Linux box. So be careful!
Secure Copying
The scp
(secure copy) command can be used to copy files over the SSH
protocol (the same protocol that you’re running your ssh
terminal
session over). This command allows us to copy files using an encrypted,
compressed mechanism.
If you are going to copy files from Linux “down” to your Windows system,
you need a program that will run on Windows. The creator of PuTTY made
PSCP.EXE
for precisely that purpose: to implement scp
for Windows.
You can download it from the same place as
PuTTY.
The PSCP.EXE
program, shown in Figure 8-1, is meant to run under Windows Command Prompt
(CMD.EXE
). It takes the same parameters as scp
.
In this example, the -r
means to copy recursively. The ...
Get Ten Steps to Linux Survival now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.