Open Access Publications from the University of California

UC Davis Previously Published Works
Forensics For System Administrators


The phrase "forensic analysis" conjures up images of Sherlock Holmes, or of scientists in lab coats hunched over corpses. In this article, however, I will lead you through steps you can take to analyse compromised computer systems. Forensics carries legal connotations, requirements for evidence collection, and a depth of analysis beyond the reach of most system administrators; my focus is on what you can do without years of experience. We will walk through a pair of real, recent intrusion examples to help non-professional analysts accomplish common forensic goals.
