
Running Head: Unit 4 Group Project 1

Gathering Information in UNIX

LaRon Walker

Master of Information Technology and Internet Security

July, 2010

There are many different tools investigators can use to gather information and track offenders. Unix-based operating systems house the vast majority of these types of tools and are commonly used in computer crime investigations. These tools include, but are not limited to, finger, showmount, mount, echo, rlogin and whoami. These specific tools are designed to retrieve user information that can help locate where an intrusion or attack originates.

According to the article finger (2009), finger is a Unix software utility that can help remotely retrieve user information from another computer across a network. It can also be used to retrieve details from emails that are otherwise hidden from the general user. This utility can be very useful when trying to track the origin of email viruses, intrusions, or denial of service (DoS) attacks.

Showmount is a command-line utility used to show information about clients that are connected to an NFS server. This can be very useful to investigators when trying to determine whether a suspect's computer is connected to a specific NFS server. The command can display the hostname as well as the mounted directory or file system of a connected user.

In basic terms, to mount a device is to make it available for access. Based on the article mount (2006), for users to have access to files or file systems, the drive must first be mounted. This is a very common tool that most investigators use to access files on computers and hard drives, as it also allows the copying or displaying of files without altering them in any way. This utility plays a vital role in investigating computer crimes, and it is the most commonly used method in operating systems for giving access to different file systems.

The echo utility is a very useful tool when you cannot see what you are typing while remotely connected to a host through a terminal or shell connection. Echo can also be used with a pipe or redirect to display the contents of files or directories. Some investigators also use the echo command to display the contents of environment variables when searching for embedded code used to hide data.
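The environment-variable check described above, as an added example that is not part of the original paper: a POSIX shell function that reads an `env`-style dump (one `NAME=VALUE` per line) and flags values that look like embedded code or encoded data. The heuristics (command-substitution syntax and "run this" constructs, long runs of base64 alphabet characters, oversized values), the function names and the sample dump are this example's own constructions and will produce false positives on legitimately long values; the output is a list of variables to look at by hand, not a verdict.

```shell
#!/bin/sh
# Added example (not from the paper): scan an `env`-style dump for variables
# whose values look like embedded code or encoded data. Heuristics, function
# names and the sample dump are this example's own constructions.

# Print a reason when a value contains shell command-substitution or "run this"
# constructs, a long run of base64 alphabet characters, or is oversized.
# Prints nothing for an unremarkable value.
classify_value() {
    if printf '%s' "$1" | grep -Eq '\$\(|`|eval |(ba)?sh -c|base64 (-d|--decode)'; then
        echo shell-construct
    elif printf '%s' "$1" | grep -Eq '[A-Za-z0-9+/]{40,}={0,2}'; then
        echo base64-blob
    elif [ "${#1}" -ge 200 ]; then
        echo oversized
    fi
}

# Read NAME=VALUE lines (as printed by `env` or `printenv`) and print one
# "REASON NAME" line per suspicious variable. Continuation lines of multi-line
# values carry no "=" and are skipped by the first case.
scan_env() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            *=*) ;;
            *) continue ;;
        esac
        name=${line%%=*}
        value=${line#*=}
        reason=$(classify_value "$value")
        [ -n "$reason" ] && printf '%s %s\n' "$reason" "$name"
    done
    return 0
}

# Constructed sample dump: an ordinary session plus two planted oddities
# (a command substitution and a base64 blob). Not captured from a real host.
SAMPLE_ENV='HOME=/home/analyst
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
LANG=en_US.UTF-8
CUSTOM_INIT=$(echo hidden)
LD_PRELOAD=
TMPCFG=QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdA=='

# Against a live session use: scan_env "$(env)"
scan_env "$SAMPLE_ENV"
```

On the sample above the scan reports `CUSTOM_INIT` as a shell construct and `TMPCFG` as a base64 blob, and stays silent on `HOME`, `PATH`, `LANG` and the empty `LD_PRELOAD`. Run it against `env` output saved from the session under examination rather than the investigator's own shell, so the investigator's environment does not contaminate the result.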

Per the article rlogin (2003), the rlogin tool is used to connect Unix machines to each other on a network. When attempting to gather information from a Unix host, investigators can use the rlogin utility to connect remotely to machines. Once connected, investigators can use the mount utility to gain access to file systems and directories, as well as run commands like echo and finger to gather other forensic evidence.

The whoami utility displays the identity of the user logged in to the current session. This is a very useful command for investigators when verifying the identity of the user that is logged in to a system. In Unix, it can also help verify the current owner of a terminal session after running commands that may have previously required additional permissions (e.g., root).

When used together, all of the Unix utilities discussed above can be a very useful toolkit for investigators in the process of gathering evidence in computer crimes. Investigators can use the rlogin utility to connect to remote Unix hosts, use the showmount utility to show the mounted file systems, use the mount command to mount these drives, and use the echo and finger commands to display the contents of these file systems and directories. These information-gathering tools are commonly used to collect forensic evidence.
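The mount step of the workflow summarized above, as an added shell example that is not from the paper: it also covers the earlier mount paragraph's point that files can be copied or displayed without being altered, which only holds when the mount is read-only. The example mounts a raw image with `ro,noexec,nosuid,nodev,noatime`, parses a `/proc/mounts` line to confirm the kernel actually applied those options, and takes one digest over the whole tree before and after examination so any change to the evidence shows up. The image path, mount point and sample `/proc/mounts` lines are constructed for this example; `forensic_mount` needs root and is defined but not invoked; the remote steps (rlogin, showmount) need a live host and are left out. A Linux kernel and `sha256sum` are assumed.

```shell
#!/bin/sh
# Added example (not from the paper): read-only evidence mount plus two
# independent checks that "display without altering" actually held.
# Assumptions of this example: a raw image file, a Linux kernel that reports
# mounts in /proc/mounts format, and sha256sum on the PATH.

# Protective options for an evidence mount: ro refuses writes, noexec/nosuid/
# nodev stop anything on the image from running or acting as a device, and
# noatime is belt-and-braces against access-time updates.
EVIDENCE_OPTS="ro,noexec,nosuid,nodev,noatime"

# Mount an image read-only on a loop device. Requires root; defined here but
# not called, so the script can be run or sourced for its checks alone.
forensic_mount() {
    image=$1; mountpoint=$2
    mkdir -p "$mountpoint"
    mount -o "$EVIDENCE_OPTS,loop" "$image" "$mountpoint"
}

# Return 0 when a /proc/mounts-style line (device mountpoint fstype options
# dump pass) carries every option named in $2, a comma-separated list.
mount_line_has_opts() {
    opts=$(printf '%s\n' "$1" | awk '{print $4}')
    for want in $(printf '%s' "$2" | tr ',' ' '); do
        case ",$opts," in
            *",$want,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Look a mount point up in the live mount table and report whether the
# kernel applied the protective options (the user-supplied -o string is not
# proof; the kernel's own record is).
verify_live_mount() {
    line=$(awk -v mp="$1" '$2 == mp' /proc/mounts)
    [ -n "$line" ] || { echo "not mounted: $1"; return 1; }
    if mount_line_has_opts "$line" "$EVIDENCE_OPTS"; then
        echo "ok: $1 is mounted with $EVIDENCE_OPTS"
    else
        echo "WARNING: $1 lacks protective options: $line"
        return 1
    fi
}

# One digest over every regular file under a directory. Taken before and
# after examination, a changed digest means the evidence was modified.
tree_digest() {
    (cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort) \
        | sha256sum | cut -d' ' -f1
}

# Typical use (run as root; paths are placeholders):
#   forensic_mount /cases/CASE-ID/disk.dd /mnt/evidence
#   verify_live_mount /mnt/evidence
#   before=$(tree_digest /mnt/evidence)
#   ... copy or display files ...
#   after=$(tree_digest /mnt/evidence)
#   [ "$before" = "$after" ] || echo "evidence changed during examination"
```

Checking `/proc/mounts` rather than trusting the options passed to `mount` matters because a file system that does not support an option, or a `remount`, can leave the real state different from what was requested; the tree digest is the independent second check and also doubles as a record for the case notes.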

References

finger. (2009). In The Hutchinson Unabridged Encyclopedia with Atlas and Weather Guide. Retrieved from http://www.credoreference.com/entry/heliconhe/finger

mount. (2006). In High Definition: A-Z Guide to Personal Technology. Retrieved from http://www.credoreference.com/entry/hmhighdef/mount

rlogin. (2003). In Webster's New World™ Computer Dictionary. Retrieved from http://www.credoreference.com/entry/webstercom/rlogin
