15-Minute Linux DFIR Triage. Dr. Phil Polstra Bloomsburg University of Pennsylvania
1 15-Minute Linux DFIR Triage Dr. Phil Polstra Bloomsburg University of Pennsylvania
2 What is this talk about?
- Determining with some certainty if you have been hacked
- In a matter of minutes
- With minimal disturbance to the subject system
- Automating the process with shell scripting
3 Why should you care?
- Someone calls you about a suspected breach
- You need to figure out if they were hacked
  - Quickly so as to avoid further harm to your client
  - Without destroying evidence
  - Without taking down a critical machine
4 Roadmap
- Opening a case
- Talking to the users
- Mounting known-good binaries
- Minimizing disturbance to the system
- Collecting Data
- Automation with scripting
- Next steps if there is a breach
5 Opening a Case
- Decide on case name (date?)
- Create a case folder on your laptop
- Start making entries in your notebook
  - Bound notebook with numbered pages
  - Easy to carry
  - Hard to insert/remove pages
  - No batteries required
6 First Talk to the Users
- They know the situation better than you
- Might be able to tell a false alarm before digging in
- Why did you call me?
  - What they suspect
  - No internal experts or policy to use outsider?
- Why do you think there was an incident?
- Everything they know about the subject system
7 USB Response Drive
- Contains known-good binaries
  - Minimum /bin, /sbin, /lib for same architecture
  - Might also grab /usr/sbin, /usr/bin, /usr/lib
  - Must be on an ext2, ext3, or ext4 partition
- Could contain a bootable Linux on another partition
  - This partition will probably be FAT
  - Should be first partition
- See Chapter 1
8 Mounting Known-Good Binaries
- Insert response drive
- Exec your bash binary
- Set path to your binaries (and only your binaries)
- Set LD_LIBRARY_PATH
- Run all shell scripts as bash <script>
- Don't use she-bang (#!) in scripts!
9 Demo: Mounting Binaries
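One way to confirm, before any triage command runs, that the response drive holds every tool the scripts call and that PATH points only at the drive. This is an added example, not code from the talk; the mount point /mnt/response and the tool list in the usage comment are assumptions.

```shell
# Added example (not from the talk). The directory names follow the
# "USB Response Drive" slide; the mount point is an assumption.

# check_tools ROOT TOOL...
# Prints "MISSING <tool>" for every tool that has no executable copy under
# ROOT/{bin,sbin,usr/bin,usr/sbin}. Returns 1 if anything is missing.
check_tools() {
    ct_root=$1; shift
    ct_rc=0
    for ct_tool in "$@"; do
        ct_found=""
        for ct_dir in bin sbin usr/bin usr/sbin; do
            if [ -f "$ct_root/$ct_dir/$ct_tool" ] && [ -x "$ct_root/$ct_dir/$ct_tool" ]; then
                ct_found=yes
                break
            fi
        done
        if [ -z "$ct_found" ]; then
            echo "MISSING $ct_tool"
            ct_rc=1
        fi
    done
    return $ct_rc
}

# path_leaks ROOT PATHSTRING
# Prints every PATH entry that is not below ROOT. An empty entry means
# "current directory" to the shell and is reported as ".". Entries that
# contain ".." are reported too, because they can climb out of ROOT.
path_leaks() {
    pl_root=$1
    pl_old_ifs=$IFS
    IFS=:
    set -f                              # no globbing while splitting
    for pl_entry in $2; do
        case ${pl_entry:-.} in
            */../*|*/..) echo "$pl_entry" ;;
            "$pl_root"/*) ;;            # on the response drive
            *) echo "${pl_entry:-.}" ;;
        esac
    done
    set +f
    IFS=$pl_old_ifs
}

# Typical use after exec'ing the known-good bash and setting PATH:
#   check_tools /mnt/response date uname ifconfig netstat lsof ps route \
#       lsmod df mount w last lastb cat nc || echo "response drive incomplete"
#   path_leaks /mnt/response "$PATH"    # must print nothing
```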
10 Minimize Disturbance to System
- You will always change the system a little
- Goal is to
  - Minimize memory footprint
  - Never write to subject media
- Two basic options
  - Save everything to your USB response drive
  - Send it over the network
11 Sending data over the network
- Better than USB drive due to caching
- Use netcat
- Create a listener for log information on forensics workstation
- Send log information from client
- Also create a listener for interesting files on forensics workstation
- Spawn a new listener when files are sent
12 Setting Up Log Listener
- netcat -k -l 9999 >> case-log.txt
  - (-k) keep alive
  - (-l) listen
  - (>>) append
- From subject: {command} | netcat {forensic ws IP} 9999
- Let's use shell scripting to automate this
  - Shell not Python because we want to minimize memory footprint
13 Automating the Log Listener
    usage () {
      echo "usage: $0 <case number>"
      echo "Simple script to create case folder and start listeners"
      exit 1
    }

    if [ $# -lt 1 ] ; then
      usage
    else
      echo "Starting case $1"
    fi

    #if the directory doesn't exist create it
    if [ ! -d $1 ] ; then
      mkdir $1
    fi

    # create the log listener
    `nc -k -l 4444 >> $1/log.txt` &
    echo "Started log listener for case $1 on $(date)" | nc localhost 4444

    # start the file listener
    `./start-file-listener.sh $1` &
14 Automating the Log Client - Part 1
    usage () {
      echo "usage: $0 <IP> [log port] [fn port] [ft port]"
      exit 1
    }

    # did you specify the listener IP?
    if [ $# -lt 1 ] ; then
      usage
    fi

    export RHOST=$1

    # log port
    if [ $# -gt 1 ] ; then
      export RPORT=$2
    else
      export RPORT=4444
    fi

    # file name port
    if [ $# -gt 2 ] ; then
      export RFPORT=$3
    else
      export RFPORT=5555
    fi

    # file transfer port
    if [ $# -gt 3 ] ; then
      export RFTPORT=$4
    else
      export RFTPORT=5556
    fi
15 Automating the Log Client - Part 2
    # defaults primarily for testing
    [ -z "$RHOST" ] && { export RHOST=localhost; }
    [ -z "$RPORT" ] && { export RPORT=4444; }

    usage () {
      echo "usage: $0 <command or script>"
      echo "Simple script to send a log entry to listener"
      exit 1
    }

    # did you specify a command?
    if [ $# -lt 1 ] ; then
      usage
    else
      echo -e "++++Sending log for $@ at $(date) ++++\n $($@) \n----end----\n" | nc $RHOST $RPORT
    fi
16 Automating Sending Files
- Listener on forensics workstation listens for file name
- When a new file name is received
  - Create a new listener to receive file
  - Redirect file to one with correct name
  - Also log in the main case log (optional)
- On the client side
  - File name is sent
  - After brief pause send file to data listener port
17 Automating the File Listener
    usage () {
      echo "usage: $0 <case name>"
      echo "Simple script to start a file listener"
      exit 1
    }

    # did you specify a case name?
    if [ $# -lt 1 ] ; then
      usage
    fi

    while true
    do
      # wait for a file name, then receive the file itself;
      # basename keeps the received file inside the case folder
      filename=$(nc -l 5555)
      nc -l 5556 > $1/$(basename $filename)
    done
18 Automating the File Client
    # defaults primarily for testing
    [ -z "$RHOST" ] && { export RHOST=localhost; }
    [ -z "$RPORT" ] && { export RPORT=4444; }
    [ -z "$RFPORT" ] && { export RFPORT=5555; }
    [ -z "$RFTPORT" ] && { export RFTPORT=5556; }

    usage () {
      echo "usage: $0 <filename>"
      echo "Simple script to send a file to listener"
      exit 1
    }

    # did you specify a file?
    if [ $# -lt 1 ] ; then
      usage
    fi

    #log it
    echo "Attempting to send file $1 at $(date)" | nc $RHOST $RPORT
    #send name
    echo $(basename $1) | nc $RHOST $RFPORT
    #give it time
    sleep 5
    nc $RHOST $RFTPORT < $1
19 Cleaning Up
    # close the case and clean up the listeners
    echo "Shutting down listeners at $(date) at user request" | nc localhost 4444
    killall start-case.sh
    killall start-file-listener.sh
    killall nc
20 Collecting Data
- Date (date)
  - Clock skew on subject
  - Time zone on subject
- Kernel version (uname -a)
  - Needed for memory analysis
  - Might be useful for researching vulnerabilities
21 Collecting Data (continued)
- Network interfaces (ifconfig -a)
  - Any new interfaces?
  - Strange addresses assigned?
- Network connections (netstat -anp)
  - Connects to suspicious Internet addresses?
  - Strange localhost connections?
  - Suspicious ports?
  - Programs on wrong ports (i.e. malware on port 80)
22 Collecting Data (continued)
- Open files (lsof -V)
  - What programs are using certain files/ports
  - Might fail if malware installed
- Running processes (ps -ef and/or ps -aux)
  - Things run as root that shouldn't be
  - No login accounts logged in and running things
  - Might fail if malware installed
23 Collecting Data (continued)
- Routing info (netstat -rn and route)
  - Routed through new interface
  - New gateways
  - Conflicting results = malware
  - Failure to run = malware
24 Collecting Data (continued)
- Mounted filesystems (mount and df)
  - Things mounted that shouldn't be (especially tmpfs)
  - Mount options that have changed
  - Filesystem filling up
  - Disagreement = malware
- Kernel modules (lsmod)
  - New device drivers
  - Modules that have changed
25 Collecting Data (continued)
- Who is logged in now (w)
  - System accounts that shouldn't be allowed to login
- Who has been logging in (last)
  - System accounts that shouldn't be allowed to login
  - Accounts that don't normally use this machine
- Failed logins (lastb)
  - Repeated failures then success = password cracked
26 Collecting Data (continued)
- User login info (send /etc/passwd and /etc/shadow)
  - Newly created login
  - System accounts with shells and home directories
  - Accounts with ID 0
  - Accounts with passwords that shouldn't be there
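The account checks listed on this slide, run on the forensics workstation against the collected copies of /etc/passwd and /etc/shadow. This is an added example, not code from the talk; the UID cut-off of 1000 for regular users, the function names and the sample accounts are assumptions, and the sample data is constructed.

```shell
# Added example (not from the talk). Assumption: regular users start at
# UID 1000; pass another minimum as the last argument if the distro differs.

# Accounts other than root that have UID 0.
uid0_accounts() {
    awk -F: '
        /^#/ || NF < 7 { next }
        $3 == 0 && $1 != "root" { print $1 }
    ' "$1"
}

# System accounts (UID below the minimum) whose shell allows a login.
# An empty shell field counts, because login falls back to a default shell.
system_accounts_with_shell() {
    awk -F: -v min="${2:-1000}" '
        /^#/ || NF < 7 || $1 == "root" { next }
        $3 + 0 < min + 0 && $7 !~ /\/(nologin|false|sync|shutdown|halt)$/ {
            print $1 ":" $7
        }
    ' "$1"
}

# System accounts that hold a usable password hash in shadow
# (field 2 is not empty and does not start with "!" or "*").
system_accounts_with_password() {
    awk -F: -v min="${3:-1000}" '
        FNR == NR { uid[$1] = $3 + 0; next }      # first file: passwd
        ($1 in uid) && $1 != "root" && uid[$1] < min + 0 &&
            $2 != "" && $2 !~ /^[!*]/ { print $1 }
    ' "$1" "$2"
}

# Constructed sample data (not from the talk) for trying the checks.
write_sample_accounts() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
helpdesk:x:0:0::/home/helpdesk:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$CONSTRUCTED$roothash:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
bin:!:17000:0:99999:7:::
lp:$6$CONSTRUCTED$lphash:17000:0:99999:7:::
www-data:*:17000:0:99999:7:::
alice:$6$CONSTRUCTED$alicehash:17000:0:99999:7:::
helpdesk:$6$CONSTRUCTED$helpdeskhash:17000:0:99999:7:::
EOF
}

# Usage on the workstation, with CASE as the case folder:
#   uid0_accounts "$CASE/passwd"
#   system_accounts_with_shell "$CASE/passwd"
#   system_accounts_with_password "$CASE/passwd" "$CASE/shadow"
```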
27 Putting It Together with a Script
    usage () {
      echo "usage: $0 [listening host]"
      echo "Simple script to send a log entry to listener"
      exit 1
    }

    # too many arguments, or asked for help?
    if [ $# -gt 1 ] || [ "$1" == "--help" ] ; then
      usage
    fi

    # did you specify a listener IP?
    if [ "$1" != "" ] ; then
      source setup-client.sh $1
    fi

    # now collect some info!
    send-log.sh date
    send-log.sh uname -a
    send-log.sh ifconfig -a
    send-log.sh netstat -anp
    send-log.sh lsof -V
    send-log.sh ps -ef
    send-log.sh netstat -rn
    send-log.sh route
    send-log.sh lsmod
    send-log.sh df
    send-log.sh mount
    send-log.sh w
    send-log.sh last
    send-log.sh lastb
    send-log.sh cat /etc/passwd
    send-log.sh cat /etc/shadow
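The slides treat a collection command that fails to run as a sign of malware, so after the scan it is worth checking the case log for entries that are absent or empty. This is an added example, not code from the talk; it relies only on the entry layout that send-log.sh writes, and the function names and sample log are constructed.

```shell
# Added example (not from the talk). Entry layout written by send-log.sh:
#   ++++Sending log for <command> at <date> ++++
#    <output>
#   ----end----

# log_section LOG "COMMAND"
# Prints the captured output of the first entry for COMMAND, as stored.
# Caveat: output that itself contains a line "----end----" ends the
# section early.
log_section() {
    awk -v hdr="++++Sending log for $2 at " '
        !seen && index($0, hdr) == 1 { seen = 1; next }
        seen && $0 == "----end----"  { exit }
        seen                         { print }
    ' "$1"
}

# scan_gaps LOG COMMAND...
# Prints "MISSING <cmd>" when the log has no entry for the command and
# "EMPTY <cmd>" when the entry holds nothing but whitespace.
scan_gaps() {
    sg_log=$1; shift
    for sg_cmd in "$@"; do
        if ! grep -F -q -- "++++Sending log for $sg_cmd at " "$sg_log"; then
            echo "MISSING $sg_cmd"
        elif [ -z "$(log_section "$sg_log" "$sg_cmd" | tr -d ' \t\n')" ]; then
            echo "EMPTY $sg_cmd"
        fi
    done
}

# Constructed sample log (not real case data) in the send-log.sh layout:
# date and uname -a returned output, lsof -V returned nothing.
write_sample_log() {
    sl_ts="Mon Jan  1 12:00:00 UTC 2018"
    printf '++++Sending log for %s at %s ++++\n %s \n----end----\n\n' \
        "date"     "$sl_ts" "$sl_ts" \
        "uname -a" "$sl_ts" "Linux subject 4.4.0-constructed x86_64 GNU/Linux" \
        "lsof -V"  "$sl_ts" "" > "$1"
}

# Usage against a real case log, with the commands the scan script sends:
#   scan_gaps "$CASE/log.txt" date "uname -a" "ifconfig -a" "netstat -anp" \
#       "lsof -V" "ps -ef" "netstat -rn" route lsmod df mount w last lastb \
#       "cat /etc/passwd" "cat /etc/shadow"
```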
28 Running the Initial Scan
29 Have I been hacked?
30 Who is Johnn? /etc/passwd
31 Why do these accounts have passwords? /etc/shadow
32 Who's been logging in? Results from last
33 Who failed to login? Results from lastb
34 Looks Like They Were Hacked Now What?
35 Live Analysis
- Use techniques described to
  - Grab file metadata for key directories (/sbin, /bin, etc.)
  - Grab users' command history
  - Get system log files
  - Get hashes of suspicious files
- Dump RAM
  - Must compile LiME (off subject machine!)
  - Risky: can cause a crash
36 Dead Analysis
- Unless the machine absolutely cannot be taken offline it is strongly recommended that you shut it down and get a filesystem image
- If you cannot shut down the machine
  - You can still get a filesystem image with dcfldd
  - You probably cannot use this evidence in court
37 More on Dead Analysis
- Filesystem analysis is much more mature and powerful than memory analysis
- The Linux support in Volatility is somewhat lacking
  - Relatively new addition to a new tool
  - Seems to fall down a lot with late 3.x and 4.x kernels
- None of the investigators I've talked to could come up with a case where evidence existed only in memory
38 Finding Out More Heard there was a new book out (1 kg+ of knowledge) Resources on Harass me on
39 Questions?
GNU/ Linux Basics Topics Installation Basics of Using GNU/ Linux Administration Tools Installation Installing Using the GUI Disc Partitioning Allocation of swap space Selection of packages to install Configuring
More informationFormat Hard Drive After Install Ubuntu From Usb
Format Hard Drive After Install Ubuntu From Usb is it possible to format and partition the new hdd (external to my laptop, and connected to my laptop via sata-usb adapter), and install Ubuntu on the new
More informationShell Programming Overview
Overview Shell programming is a way of taking several command line instructions that you would use in a Unix command prompt and incorporating them into one program. There are many versions of Unix. Some
More informationLinux Home Lab Environment
Environment Introduction Welcome! The best way to learn for most IT people is to actually do it, so that s the goal of this selfpaced lab workbook. The skills outlined here will begin to prepare you for
More informationCSCM98 Lab Class #5 Getting familiar with the command line
CSCM98 Lab Class #5 Getting familiar with the command line Lab Class Description. Unix has some powerful commands that can be combined inside shell scripts. Today we will have a look at various commands
More informationMovidius Neural Compute Stick
Movidius Neural Compute Stick You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to
More informationB a s h s c r i p t i n g
8 Bash Scripting Any self-respecting hacker must be able to write scripts. For that matter, any selfrespecting Linux administrator must be able to script. Hackers often need to automate commands, sometimes
More informationOPERATING SYSTEMS LINUX
OPERATING SYSTEMS LINUX Božo Krstajić, PhD, University of Montenegro Podgorica bozok@cg.ac.yu Process management Linux operating systems work with processes. Basically a process consists of program code
More informationKNOPPIX Bootable CD Validation Study for Live Forensic Preview of Suspects Computer
KNOPPIX Bootable CD Validation Study for Live Forensic Preview of Suspects Computer By: Ernest Baca www.linux-forensics.com ebaca@linux-forensics.com Page 1 of 18 Introduction I have recently become very
More informationDetecting Computer Intrusions: Are You Pwned? Steve Anson HITB 8 Oct 2009
Detecting Computer Intrusions: Are You Pwned? Steve Anson HITB 8 Oct 2009 Steve Anson Former computer agent for the U.S. Department of Defense and Federal Bureau of Investigation (FBI) Cybercrime Task
More information