Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool)

Joonho Choi; Antonio Savoldi; Paolo Gubian; Seokhee Lee; Sangjin Lee

doi:10.1109/ISA.2008.41

Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool)

Joonho Choi, Antonio Savoldi, Paolo Gubian, Seokhee Lee, Sangjin Lee

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)

Abstract

The Linux operating system has been used as a server system in plenty of business services worldwide. Nowadays, a lot of incident response approaches on such kind of platform have been established by many researchers active in the computer forensic discipline. Interestingly, many frameworks about how to deal with a live digital investigation on a Linux systems have been illustrated in the forensic literature. Conversely, as a matter of fact, there are not so many tools for approaching live forensic of a Linux system. Thus, we have developed and implemented a new framework to deal with a compromised Linux system in a digital forensic investigation. The resulting framework has been called LECT (Linux Evidence Collection Tool) ant aims to represent a significant contribution in the field of live forensic analysis of Linux based systems.

Original language	English
Title of host publication	Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008
Pages	231-236
Number of pages	6
DOIs	https://doi.org/10.1109/ISA.2008.41
Publication status	Published - 2008
Event	2nd International Conference on Information Security and Assurance, ISA 2008 - Busan, Korea, Republic of Duration: 2008 Apr 24 → 2008 Apr 26

Publication series

Name	Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

Other

Other	2nd International Conference on Information Security and Assurance, ISA 2008
Country/Territory	Korea, Republic of
City	Busan
Period	08/4/24 → 08/4/26

ASJC Scopus subject areas

Computer Networks and Communications
Information Systems and Management
Electrical and Electronic Engineering
Communication

Access to Document

10.1109/ISA.2008.41

Cite this

Choi, J., Savoldi, A., Gubian, P., Lee, S., & Lee, S. (2008). Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool). In Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008 (pp. 231-236). Article 4511568 (Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008). https://doi.org/10.1109/ISA.2008.41

Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool). / Choi, Joonho; Savoldi, Antonio; Gubian, Paolo et al.
Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008. 2008. p. 231-236 4511568 (Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Choi, J, Savoldi, A, Gubian, P, Lee, S & Lee, S 2008, Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool). in Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008., 4511568, Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008, pp. 231-236, 2nd International Conference on Information Security and Assurance, ISA 2008, Busan, Korea, Republic of, 08/4/24. https://doi.org/10.1109/ISA.2008.41

Choi J, Savoldi A, Gubian P, Lee S, Lee S. Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool). In Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008. 2008. p. 231-236. 4511568. (Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008). doi: 10.1109/ISA.2008.41

@inproceedings{5fddc9459e694fc2bd78d597e9479d3b,

title = "Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool)",

abstract = "The Linux operating system has been used as a server system in plenty of business services worldwide. Nowadays, a lot of incident response approaches on such kind of platform have been established by many researchers active in the computer forensic discipline. Interestingly, many frameworks about how to deal with a live digital investigation on a Linux systems have been illustrated in the forensic literature. Conversely, as a matter of fact, there are not so many tools for approaching live forensic of a Linux system. Thus, we have developed and implemented a new framework to deal with a compromised Linux system in a digital forensic investigation. The resulting framework has been called LECT (Linux Evidence Collection Tool) ant aims to represent a significant contribution in the field of live forensic analysis of Linux based systems.",

author = "Joonho Choi and Antonio Savoldi and Paolo Gubian and Seokhee Lee and Sangjin Lee",

year = "2008",

doi = "10.1109/ISA.2008.41",

language = "English",

isbn = "9780769531267",

series = "Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008",

pages = "231--236",

booktitle = "Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008",

}

TY - GEN

T1 - Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool)

AU - Choi, Joonho

AU - Savoldi, Antonio

AU - Gubian, Paolo

AU - Lee, Seokhee

AU - Lee, Sangjin

PY - 2008

Y1 - 2008

N2 - The Linux operating system has been used as a server system in plenty of business services worldwide. Nowadays, a lot of incident response approaches on such kind of platform have been established by many researchers active in the computer forensic discipline. Interestingly, many frameworks about how to deal with a live digital investigation on a Linux systems have been illustrated in the forensic literature. Conversely, as a matter of fact, there are not so many tools for approaching live forensic of a Linux system. Thus, we have developed and implemented a new framework to deal with a compromised Linux system in a digital forensic investigation. The resulting framework has been called LECT (Linux Evidence Collection Tool) ant aims to represent a significant contribution in the field of live forensic analysis of Linux based systems.

AB - The Linux operating system has been used as a server system in plenty of business services worldwide. Nowadays, a lot of incident response approaches on such kind of platform have been established by many researchers active in the computer forensic discipline. Interestingly, many frameworks about how to deal with a live digital investigation on a Linux systems have been illustrated in the forensic literature. Conversely, as a matter of fact, there are not so many tools for approaching live forensic of a Linux system. Thus, we have developed and implemented a new framework to deal with a compromised Linux system in a digital forensic investigation. The resulting framework has been called LECT (Linux Evidence Collection Tool) ant aims to represent a significant contribution in the field of live forensic analysis of Linux based systems.

UR - http://www.scopus.com/inward/record.url?scp=51349083608&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51349083608&partnerID=8YFLogxK

U2 - 10.1109/ISA.2008.41

DO - 10.1109/ISA.2008.41

M3 - Conference contribution

AN - SCOPUS:51349083608

SN - 9780769531267

T3 - Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

SP - 231

EP - 236

BT - Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

T2 - 2nd International Conference on Information Security and Assurance, ISA 2008

Y2 - 24 April 2008 through 26 April 2008

ER -

Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool)

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this