Last month in the first part of this article series, we discussed some of the preparation and steps that must be taking when analyzing a live Linux system that has been compromised. Now we'll continue our analysis by looking for malicious code on the running system, and then discuss some of the searches that can be done with the data once it has been transferred to our remote host.
Note: Some readers, after reading the first part of this article, pointed out that before transferring any digital data from the compromised machine, the trusted shell should be run. I think that it's good idea, so we should compile statically for instance the bash shell and then copy them to our removable media.
Read Entire Paper
E-Mail Link
Your IP address will be sent with this e-mail
