Security Portal: Computer Crime Investigator’s Toolkit: Part I

“What I’ve tried to do is devise a summary of basic, practical
knowledge, “tricks,” if you like, that should interest all computer
crime investigators. While they may not be the final word in
preparing for an examination, these techniques will provide some
insight into the ways and means of computer criminals. I hope to
get you into the spirit of the hunt. Learning to think how a
criminal looks at twisting, altering, hiding, and diverting
information will definitely make the game more interesting. This is
a pathfinder, a starting point to discovering other

“Unix serves as a wonderful training ground for computer
security specialists. It teaches about access permissions for
objects; learning about those rwx’s in directory listings gives one
an appreciation for granular security. It builds on MS-DOS
knowledge: hidden files are “dot files” in Unix. They become
visible by the “ls -al” command (very similar to dir /a:h). Unix
expands on MS-DOS’ piping and redirection capabilities. Searching
or manipulating files and directories using FIND and SORT, an
investigator, for example, can search a directory for inactive
files (by date) and pipe the results into a report file.”

“Using Unix’s scripting capabilities (similar to DOS batch
files), an investigator may create combinations of commands into
specialized programs to conduct security audits and to do file
checking as a part of an inquiry. The GREP command searches files
or directories that contain a particular character string. This
capability provides for granular searching.”
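The two Unix workflows the excerpt describes (an inactive-file search by date piped into a report file, dot files revealed by `ls -al`, and a `grep`-based content search that can be scripted into a larger audit) are shown below as an added example; it is not code from the original article or its author. The directory tree, file names, contents and the backdated timestamps are all constructed inside the script so it runs offline, and the 30-day inactivity threshold is an assumed value.

```shell
#!/bin/sh
# Added example, not part of the original article: the find/sort/grep/ls -al
# investigator workflow run against a constructed sample tree.

# Build a throwaway directory tree with known contents and timestamps.
# Every path, file and date here is made up for the demonstration.
# Prints the path of the tree root.
make_sample_tree() {
    tree=$(mktemp -d)
    mkdir -p "$tree/home/alice" "$tree/var/log"
    printf 'meeting notes\n' > "$tree/home/alice/notes.txt"
    printf 'transfer account 4471\n' > "$tree/home/alice/.stash"   # hidden dot file
    printf 'old audit trail\n' > "$tree/var/log/audit.old"
    printf 'fresh activity\n' > "$tree/var/log/current.log"
    # Backdate two files to January 2020 (touch -t is POSIX: [[CC]YY]MMDDhhmm)
    touch -t 202001010000 "$tree/var/log/audit.old" "$tree/home/alice/.stash"
    printf '%s\n' "$tree"
}

# Inactive-file search: regular files under $1 not modified for more than
# $2 days, sorted and piped into the report file $3. Prints the hit count.
find_inactive_files() {
    find "$1" -type f -mtime +"$2" | sort > "$3"
    wc -l < "$3" | tr -d ' '
}

# Dot files in directory $1, as "ls -al" reveals them (the dir /a:h analogue).
# The last column of each ls -al line is the name; "." and ".." are skipped.
list_hidden_files() {
    ls -al "$1" | awk '$NF ~ /^\./ && $NF != "." && $NF != ".." { print $NF }' | sort
}

# Content search: names of files under $1 that contain the string $2.
# find -exec is used instead of grep -r so it works with any POSIX grep.
grep_files_for() {
    find "$1" -type f -exec grep -l -- "$2" {} + | sort
}

# Stand-alone run: build the tree, write the report, show the other two checks.
if [ "${DEMO_RUN:-1}" = "1" ]; then
    root=$(make_sample_tree)
    report=$(mktemp)
    echo "inactive files (>30 days): $(find_inactive_files "$root" 30 "$report")"
    cat "$report"
    echo "hidden files in $root/home/alice:"
    list_hidden_files "$root/home/alice"
    echo "files mentioning 'account':"
    grep_files_for "$root" 'account'
    rm -rf "$root" "$report"
fi
```

Because each step is a shell function, the same pieces can be combined into a larger audit script, which is the scripting use the excerpt points at; the report file is written outside the searched tree so the search does not pick up its own output.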
