DocumentCode :
3371225
Title :
Live Forensic Analysis of a Compromised Linux System Using LECT (Linux Evidence Collection Tool)
Author :
Choi, Joonho ; Savoldi, Antonio ; Gubian, Paolo ; Lee, Seokhee ; Lee, Sangjin
Author_Institution :
Center for Inf. Security Technol., Korea Univ., Seoul
fYear :
2008
fDate :
24-26 April 2008
Firstpage :
231
Lastpage :
236
Abstract :
The Linux operating system has been used as a server system in plenty of business services worldwide. Nowadays, a lot of incident response approaches on such kind of platform have been established by many researchers active in the computer forensic discipline. Interestingly, many frameworks about how to deal with a live digital investigation on a Linux system have been illustrated in the forensic literature. Conversely, as a matter of fact, there are not so many tools for approaching live forensics of a Linux system. Thus, we have developed and implemented a new framework to deal with a compromised Linux system in a digital forensic investigation. The resulting framework has been called LECT (Linux Evidence Collection Tool) and aims to represent a significant contribution in the field of live forensic analysis of Linux-based systems.
Keywords :
Linux; security of data; Linux evidence collection tool; compromised Linux operating system; computer forensics; live forensic analysis; server system; Automation; Consumer electronics; Data security; Digital forensics; Graphical user interfaces; Information analysis; Information security; Linux; Network servers; Operating systems; Framework; Linux forensic analysis; Linux operating system; digital evidence;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Security and Assurance, 2008. ISA 2008. International Conference on
Conference_Location :
Busan
Print_ISBN :
978-0-7695-3126-7
Type :
conf
DOI :
10.1109/ISA.2008.41
Filename :
4511568