Forensics For System Administrators
Published Web Location: http://www.usenix.org/publications/login/2005-08/pdfs/peisert.pdf
The term "forensic analysis" conjures up images of Sherlock Holmes, or of scientists in lab coats hunched over corpses. But in this article, I will lead you through steps that you can take to analyse compromised computer systems. While forensics carries with it legal connotations, requirements for evidence collection, and analysis at a level unattainable by most system administrators, my focus is what you can do without years of experience. In this article, we will walk through a pair of real, recent intrusion examples to help non-professional analysts accomplish common forensic goals.