security question
Hi
OK, I have some security questions. Let's think about when somebody breaks into the system. 1. What to do to trace them. 2. How would you work out what they have been doing. 3. What they can do to destroy the evidence. 4. What the system would do to destroy the evidence, how would you figure out. Any help would be appreciated. Thank you.
your questions really don't make much sense without a context to put them in... how you deal with an intruder depends on how they intrude... just like real life and all that. they can do whatever their exploit or means of attack permits them to do... can't say any more than that. essentially you'd check for problems using tools like rkhunter which look for known issues that could occur from a number of different attacks, but past that we really can't say much...
Search for Linux Forensics in your favorite search engine for info, whitepapers, etc.
Computer forensics is the process of investigation and analysis of an incident.