Security Portal: Computer Crime Investigator's Toolkit: Part IJan 03, 2001, 07:44 (0 Talkback[s])
(Other stories by Ronald L. Mendell)
"What I've tried to do is devise a summary of basic, practical knowledge, "tricks," if you like, that should interest all computer crime investigators. While they may not be the final word in preparing for an examination, these techniques will provide some insight into the ways and means of computer criminals. I hope to get you into the spirit of the hunt. Learning to think how a criminal looks at twisting, altering, hiding, and diverting information will definitely make the game more interesting. This is a pathfinder, a starting point to discovering other resources...."
"Unix serves as a wonderful training ground for computer security specialists. It teaches about access permissions for objects; learning about those rwx's in directory listings gives one an appreciation for granular security. It builds on MS-DOS knowledge: hidden files are "dot files" in Unix. They become visible by the "ls-al" command (very similar to dir /a:h). Unix expands on MS-DOS' piping and redirection capabilities. Searching or manipulating files and directories using FIND and SORT, an investigator, for example, can search a directory for inactive files (by date) and pipe the results into a report file."
"Using Unix's scripting capabilities (similar to DOS batch files), an investigator may create combinations of commands into specialized programs to conduct security audits and to do file checking as a part of an inquiry. The GREP command searches files or directories that contain a particular character string. This capability provides for granular searching."