Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool)

Joonho Choi, Antonio Savoldi, Paolo Gubian, Seokhee Lee, Sangjin Lee

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution

6 Citations (Scopus)

Abstract

The Linux operating system has been used as a server system in plenty of business services worldwide. Nowadays, a lot of incident response approaches for this kind of platform have been established by many researchers active in the computer forensic discipline. Interestingly, many frameworks about how to deal with a live digital investigation on Linux systems have been illustrated in the forensic literature. Conversely, as a matter of fact, there are not so many tools for approaching live forensics of a Linux system. Thus, we have developed and implemented a new framework to deal with a compromised Linux system in a digital forensic investigation. The resulting framework has been called LECT (Linux Evidence Collection Tool) and aims to represent a significant contribution in the field of live forensic analysis of Linux-based systems.

Original language: English
Title of host publication: Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008
Pages: 231-236
Number of pages: 6
DOI: 10.1109/ISA.2008.41
Publication status: Published - 2008 Sep 15
Event: 2nd International Conference on Information Security and Assurance, ISA 2008 - Busan, Korea, Republic of
Duration: 2008 Apr 24 to 2008 Apr 26

Other

Other: 2nd International Conference on Information Security and Assurance, ISA 2008
Country: Korea, Republic of
City: Busan
Period: 08/4/24 to 08/4/26

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems and Management
  • Electrical and Electronic Engineering
  • Communication

Cite this

Choi, J., Savoldi, A., Gubian, P., Lee, S., & Lee, S. (2008). Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool). In Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008 (pp. 231-236). [4511568] https://doi.org/10.1109/ISA.2008.41
@inproceedings{5fddc9459e694fc2bd78d597e9479d3b,
title = "Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool)",
abstract = "The Linux operating system has been used as a server system in plenty of business services worldwide. Nowadays, a lot of incident response approaches for this kind of platform have been established by many researchers active in the computer forensic discipline. Interestingly, many frameworks about how to deal with a live digital investigation on Linux systems have been illustrated in the forensic literature. Conversely, as a matter of fact, there are not so many tools for approaching live forensics of a Linux system. Thus, we have developed and implemented a new framework to deal with a compromised Linux system in a digital forensic investigation. The resulting framework has been called LECT (Linux Evidence Collection Tool) and aims to represent a significant contribution in the field of live forensic analysis of Linux-based systems.",
author = "Joonho Choi and Antonio Savoldi and Paolo Gubian and Seokhee Lee and Sangjin Lee",
year = "2008",
month = "9",
day = "15",
doi = "10.1109/ISA.2008.41",
language = "English",
isbn = "9780769531267",
pages = "231--236",
booktitle = "Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008",
}