  • DocumentCode
    3042584
  • Title
    Forensic analysis of compromised systems
  • Author
    Balaz, Anton ; Hlinka, R.
  • Author_Institution
    Dept. of Comput. & Inf., Tech. Univ. of Kosice, Kosice, Slovakia
  • fYear
    2012
  • fDate
    8-9 Nov. 2012
  • Firstpage
    27
  • Lastpage
    30
  • Abstract
    This article presents a study on whether and how forensic analysis may contribute to a compromised system. It explores the use of specific procedures for conducting security examinations of such a system, allowing relevant evidence to be gained and stored. Test results in a laboratory-scale environment demonstrate the feasibility of performing general methods on live computer systems, operating systems in particular, all intended for the scale of forensic analyses. The study also weighs the relative contributions of possible forensic data sources which a forensic analyst may reveal throughout the analysis, especially important data obtained from the Windows and Linux operating systems, from which it is possible to extract valuable information. Finally, the exploratory activities result in a list of procedures applicable to the Linux operating system that are seen to satisfy the security requirements for important data. The present study also intends to examine the mediating role of computer security as a process or mechanism by which to explain the relationship between forensic analysis and computing systems.
  • Keywords
    Linux; digital forensics; information retrieval; Linux; Windows; compromised systems; computer security; computer systems; data security requirements; forensic analysis; forensic data sources; information extraction; laboratory-scale environment; operation systems; security examinations; Computers; Digital forensics; Linux; Operating systems; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Emerging eLearning Technologies & Applications (ICETA), 2012 IEEE 10th International Conference on
  • Conference_Location
    Stara Lesna
  • Print_ISBN
    978-1-4673-5120-1
  • Type
    conf
  • DOI
    10.1109/ICETA.2012.6418288
  • Filename
    6418288