Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool)

Joonho Choi, Antonio Savoldi, Paolo Gubian, Seokhee Lee, Sangjin Lee

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    6 Citations (Scopus)

    Abstract

    The Linux operating system has been used as a server system in plenty of business services worldwide. Nowadays, a lot of incident response approaches on such kind of platform have been established by many researchers active in the computer forensic discipline. Interestingly, many frameworks about how to deal with a live digital investigation on a Linux system have been illustrated in the forensic literature. Conversely, as a matter of fact, there are not so many tools for approaching live forensics of a Linux system. Thus, we have developed and implemented a new framework to deal with a compromised Linux system in a digital forensic investigation. The resulting framework has been called LECT (Linux Evidence Collection Tool) and aims to represent a significant contribution in the field of live forensic analysis of Linux-based systems.

    Original language: English
    Title of host publication: Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008
    Pages: 231-236
    Number of pages: 6
    Publication status: Published - 2008
    Event: 2nd International Conference on Information Security and Assurance, ISA 2008 - Busan, Korea, Republic of
    Duration: 2008 Apr 24 to 2008 Apr 26

    Publication series

    Name: Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

    Other

    Other: 2nd International Conference on Information Security and Assurance, ISA 2008
    Country/Territory: Korea, Republic of
    City: Busan
    Period: 08/4/24 to 08/4/26

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Information Systems and Management
    • Electrical and Electronic Engineering
    • Communication
