TY - GEN
T1 - Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool)
AU - Choi, Joonho
AU - Savoldi, Antonio
AU - Gubian, Paolo
AU - Lee, Seokhee
AU - Lee, Sangjin
N1 - Copyright:
Copyright 2008 Elsevier B.V., All rights reserved.
PY - 2008
Y1 - 2008
N2 - The Linux operating system has been used as a server system in plenty of business services worldwide. Nowadays, a lot of incident response approaches on such kind of platform have been established by many researchers active in the computer forensic discipline. Interestingly, many frameworks about how to deal with a live digital investigation on Linux systems have been illustrated in the forensic literature. Conversely, as a matter of fact, there are not so many tools for approaching live forensics of a Linux system. Thus, we have developed and implemented a new framework to deal with a compromised Linux system in a digital forensic investigation. The resulting framework has been called LECT (Linux Evidence Collection Tool) and aims to represent a significant contribution in the field of live forensic analysis of Linux-based systems.
AB - The Linux operating system has been used as a server system in plenty of business services worldwide. Nowadays, a lot of incident response approaches on such kind of platform have been established by many researchers active in the computer forensic discipline. Interestingly, many frameworks about how to deal with a live digital investigation on Linux systems have been illustrated in the forensic literature. Conversely, as a matter of fact, there are not so many tools for approaching live forensics of a Linux system. Thus, we have developed and implemented a new framework to deal with a compromised Linux system in a digital forensic investigation. The resulting framework has been called LECT (Linux Evidence Collection Tool) and aims to represent a significant contribution in the field of live forensic analysis of Linux-based systems.
UR - http://www.scopus.com/inward/record.url?scp=51349083608&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=51349083608&partnerID=8YFLogxK
U2 - 10.1109/ISA.2008.41
DO - 10.1109/ISA.2008.41
M3 - Conference contribution
AN - SCOPUS:51349083608
SN - 9780769531267
T3 - Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008
SP - 231
EP - 236
BT - Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008
T2 - 2nd International Conference on Information Security and Assurance, ISA 2008
Y2 - 24 April 2008 through 26 April 2008
ER -