Security Portal: Computer Crime Investigator's Toolkit: Part I
Jan 3, 2001, 07:44 UTC (Other stories by Ronald L. Mendell)
"What I've tried to do is devise a summary of basic, practical knowledge, 'tricks,' if you like, that should interest all computer crime investigators. While they may not be the final word in preparing for an examination, these techniques will provide some insight into the ways and means of computer criminals. I hope to get you into the spirit of the hunt. Learning to think how a criminal looks at twisting, altering, hiding, and diverting information will definitely make the game more interesting. This is a pathfinder, a starting point to discovering other resources...."
"Unix serves as a wonderful training ground for computer security specialists. It teaches about access permissions for objects; learning about those rwx's in directory listings gives one an appreciation for granular security. It builds on MS-DOS knowledge: hidden files are 'dot files' in Unix. They become visible by the `ls -al` command (very similar to `dir /a:h`). Unix expands on MS-DOS' piping and redirection capabilities. Searching or manipulating files and directories using FIND and SORT, an investigator, for example, can search a directory for inactive files (by date) and pipe the results into a report file."
"Using Unix's scripting capabilities (similar to DOS batch files), an investigator may create combinations of commands into specialized programs to conduct security audits and to do file checking as a part of an inquiry. The GREP command searches files or directories that contain a particular character string. This capability provides for granular searching."