• DocumentCode
    3371225
  • Title

    Live Forensic Analysis of a Compromised Linux System Using LECT (Linux Evidence Collection Tool)

  • Author

    Choi, Joonho ; Savoldi, Antonio ; Gubian, Paolo ; Lee, Seokhee ; Lee, Sangjin

  • Author_Institution
    Center for Inf. Security Technol., Korea Univ., Seoul
  • fYear
    2008
  • fDate
    24-26 April 2008
  • Firstpage
    231
  • Lastpage
    236
  • Abstract
    The Linux operating system has been used as a server system in plenty of business services worldwide. Nowadays, a lot of incident response approaches on this kind of platform have been established by many researchers active in the computer forensic discipline. Interestingly, many frameworks about how to deal with a live digital investigation on a Linux system have been illustrated in the forensic literature. Conversely, as a matter of fact, there are not so many tools for approaching live forensics of a Linux system. Thus, we have developed and implemented a new framework to deal with a compromised Linux system in a digital forensic investigation. The resulting framework has been called LECT (Linux Evidence Collection Tool) and aims to represent a significant contribution in the field of live forensic analysis of Linux-based systems.
  • Keywords
    Linux; security of data; Linux evidence collection tool; compromised Linux operating system; computer forensics; live forensic analysis; server system; Automation; Consumer electronics; Data security; Digital forensics; Graphical user interfaces; Information analysis; Information security; Linux; Network servers; Operating systems; Framework; Linux forensic analysis; Linux operating system; digital evidence;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Security and Assurance, 2008. ISA 2008. International Conference on
  • Conference_Location
    Busan
  • Print_ISBN
    978-0-7695-3126-7
  • Type

    conf

  • DOI
    10.1109/ISA.2008.41
  • Filename
    4511568