You are a security specialist brought in to investigate the suspected security compromise of a Unix machine. You are expected to gather as much information as possible without altering or contaminating the evidence. The data you collect must be good enough to determine whether a compromise has actually occurred on the system. During the analysis of data, you will need to create a detailed time-based reconstruction of the attack and compromise. You must also answer questions such as: when and where did the compromise occur, how did the compromise occur, how many systems were affected, and what files were affected. This information is critical in determining who attacked your system, how they gained access, and whether prosecution is justified.