UNIX and Linux Forensic Analysis DVD Toolkit

Chapter 4. Initial Triage and Live Response - Data Analysis

Solutions in this chapter:
Initial Triage

Tricks of the Trade

User Activity

Network Connections

Running Processes

Open File Handlers

Summary

Introduction

OK … so now you have gathered all of the volatile information from the target system(s), and powered them down. Now what? How do you go from a bunch of seemingly unrelated data, to meaningful information that will help to bring you closer to figuring out what has occurred? The information that needs to be gleaned from the volatile data will obviously change from case to case, but the means by which you parse out this information ...

Get UNIX and Linux Forensic Analysis DVD Toolkit now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

UNIX and Linux Forensic Analysis DVD Toolkit by Chris Pogue, Cory Altheide, Todd Haverkos

Chapter 4. Initial Triage and Live Response - Data Analysis

Solutions in this chapter:

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly