In this paper I will describe evidence gathering on a Unix system using "The Coroners Toolkit" version 1.09 hereafter referred to as TCT. TCT can be downloaded freely from porcupine.org/forensics/tct.html. The two types of evidence I will focus on are ephemeral and static evidence. Ephemeral evidence refers to evidence, which generally doesn’t last a long time.
Read Entire Paper
E-Mail Link
Your IP address will be sent with this e-mail
