Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool)

Joonho Choi, Antonio Savoldi, Paolo Gubian, Seokhee Lee, Sangjin Lee

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

6 Citations (Scopus)

Abstract

The Linux operating system is used as a server platform in a great many business services worldwide. Nowadays, many incident response approaches for this kind of platform have been established by researchers active in the computer forensic discipline. Interestingly, many frameworks describing how to conduct a live digital investigation on a Linux system have been presented in the forensic literature. Conversely, there are not many tools for carrying out live forensics of a Linux system. Thus, we have developed and implemented a new framework for dealing with a compromised Linux system in a digital forensic investigation. The resulting framework is called LECT (Linux Evidence Collection Tool) and aims to represent a significant contribution to the field of live forensic analysis of Linux-based systems.

Original language: English
Title of host publication: Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008
Pages: 231-236
Number of pages: 6
DOIs
Publication status: Published - 2008
Event: 2nd International Conference on Information Security and Assurance, ISA 2008 - Busan, Korea, Republic of
Duration: 2008 Apr 24 to 2008 Apr 26

Publication series

Name: Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

Other

Other: 2nd International Conference on Information Security and Assurance, ISA 2008
Country/Territory: Korea, Republic of
City: Busan
Period: 08/4/24 to 08/4/26

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems and Management
  • Electrical and Electronic Engineering
  • Communication
