Intro to Cyber Crime and Computer Forensics CS 4273/6273 November 5, 2003 - PowerPoint PPT Presentation

Presentation file metadata: Title: A Practical Approach to Sufficient Infosec; Subject: Information Security INFOSEC; Author: Ray Vaughn; Last modified by: dampier.

Transcript and Presenter's Notes

1
Intro to Cyber Crime and Computer Forensics, CS 4273/6273, November 5, 2003
MISSISSIPPI STATE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
2
Introduction to Unix and Linux (Chapter 9)
3
Unix
  • UNIX is a multi-layered OS
      • From the user to the hardware
      • User / shell / file system / kernel / hardware
  • Different variations
      • Unix System V
      • SunOS
      • Solaris
      • BSD
      • FreeBSD
      • OpenBSD
      • Linux

4
Unix
Layer diagram, from the outside in: User / Shell / Kernel / Hardware
5
Unix
  • Kernel
      • Operating system functions
  • Shell
      • Command interpreter
      • Like Command.com in DOS
      • Switchable from one to another on the fly

6
History of Shells
Figure (not reproduced): the history of shells plotted against functionality, showing tcsh, ksh, zsh, bash, csh, sh and rc. Taken from Unix: The Textbook by Sarwar et al.
7
Shells
  • Bourne Shell
      • /bin/sh
      • First Unix shell, developed by AT&T
  • C Shell
      • /bin/csh
      • Introduced interactive job control commands
      • /bin/tcsh: first shell to allow text-editing commands on the command line

8
Shells
  • Korn Shell
      • Developed by AT&T researcher David Korn
      • /bin/ksh
      • Best features of both C Shell and tcsh
  • bash
      • Bourne Again Shell
      • /bin/bash
      • Most widely used on Linux
      • Functionally equivalent to Korn Shell
  • Z Shell

9
Unix File System
  • /                Root directory
  • /dev             Device directory
  • /tmp             Temporary files directory
  • /bin             Executables
  • /users           User files
  • /users/dampier   Full path of the dampier account's filespace
  • Inodes

10
Contents of an Inode
  Element                        Description
  Owner and group IDs            Permissions are granted to users, groups and everyone
  Type                           Regular, directory, character or device driver
  Access permissions             Read, write and execute permissions
  Times (atime, mtime, ctime)    Last access, last modification and last change of the file
  Number of links                Number of pointers to this inode
  Pointers to data blocks        Unix files are composed of blocks, which may or may not be contiguous
  File size                      Can sometimes be larger than the number of blocks
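As an added example (not part of the original slides), the Python below reads each row of the table above out of os.stat() for a file it creates itself, then adds a hard link and changes the mode so the link count and the ctime/mtime difference are visible; the file name and contents are constructed.

```python
import os
import stat
import tempfile
import time


def inode_summary(path):
    """Map the slide's inode table onto the fields os.stat() returns for one path."""
    st = os.stat(path)
    mode = st.st_mode
    if stat.S_ISREG(mode):
        ftype = "Regular"
    elif stat.S_ISDIR(mode):
        ftype = "Directory"
    elif stat.S_ISCHR(mode):
        ftype = "Character device"
    elif stat.S_ISBLK(mode):
        ftype = "Block device"
    else:
        ftype = "Other"
    return {
        "owner_uid": st.st_uid, "group_gid": st.st_gid,   # owner and group IDs
        "type": ftype,
        "perms": stat.filemode(mode),                      # e.g. -rw-r--r--
        "atime": st.st_atime, "mtime": st.st_mtime, "ctime": st.st_ctime,
        "links": st.st_nlink,                              # names pointing at this inode
        "size": st.st_size,                                # bytes
        "blocks": st.st_blocks,                            # 512-byte blocks actually allocated
    }


def run_demo():
    """Create a file, add a hard link, then chmod it; return (before, after) summaries."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "note.txt")
        with open(path, "w") as fh:
            fh.write("constructed sample content\n")  # constructed data
        before = inode_summary(path)
        os.link(path, os.path.join(workdir, "note-link.txt"))  # second name, same inode
        time.sleep(0.02)
        os.chmod(path, 0o600)  # metadata-only change: ctime moves, mtime does not
        after = inode_summary(path)
    return before, after


if __name__ == "__main__":
    before, after = run_demo()
    for key in before:
        print(f"{key:10} {before[key]!s:>24} -> {after[key]!s:>24}")
```

Note that a hard link and a chmod both update ctime without touching mtime, which is why an examiner compares the two rather than trusting either alone.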
11
Unix Commands
  • Ctrl-C
      • Halts the running process
  • Ctrl-Z
      • Suspends the running process
  • bg
      • Runs the most recently suspended process in the background
  • fg
      • Makes a background process the foreground process
  • jobs
      • Lists all running background jobs

12
Continued
  • awk
      • Create scripts to find patterns in files and run commands on them
  • grep
      • Find text patterns in files
      • Example: grep bomb
  • cat
      • Concatenate two files together
  • ps
      • List all jobs currently running
  • dd
      • Convert and copy a file
  • kill
      • Kill an active process

13
Files to Look For
  • History file
  • Existing scripts
  • Text files with the execute bit turned on
  • Password files
  • Other logs

14
History File
    rm organization.bmp
    vi .history
    cd
    ls .hwpd
    pwd
    cd /
    ls .h
    ls
    ls -a
    cd
    ls .b
    vi .bash_history
    jobs
    du
    vi /etc/passwd
    login disney
    telnet disney
    fg
    exit
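As an added example (not part of the original slides), a small Python triage pass over a history file like the one above: the sample is the slide's history reconstructed one command per line, and the rule list and reason strings are my own choices, not anything the course defines.

```python
import re

# Constructed sample: the history shown on the slide, one command per line.
SAMPLE_HISTORY = """\
rm organization.bmp
vi .history
cd
ls .hwpd
pwd
cd /
ls .h
ls
ls -a
cd
ls .b
vi .bash_history
jobs
du
vi /etc/passwd
login disney
telnet disney
fg
exit
"""

# (reason, pattern), most specific first; the first matching rule wins.
RULES = [
    ("tampers with shell history",
     re.compile(r"^\s*(?:\S*/)?(?:vi|vim|emacs|nano|rm)\s+\S*\.(?:bash_)?history\b")),
    ("edits the password file",
     re.compile(r"^\s*(?:\S*/)?(?:vi|vim|emacs|nano)\s+/etc/(?:passwd|shadow)\b")),
    ("deletes a file", re.compile(r"^\s*(?:\S*/)?rm\s")),
    ("connects to another host", re.compile(r"^\s*(?:telnet|rlogin|rsh|login|ssh|ftp)\s+\S+")),
]


def triage_history(text):
    """Return [(line_no, command, reason)] for every history line that matches a rule."""
    hits = []
    for line_no, cmd in enumerate(text.splitlines(), start=1):
        for reason, pattern in RULES:
            if pattern.search(cmd):
                hits.append((line_no, cmd, reason))
                break  # one reason per line is enough for a first pass
    return hits


if __name__ == "__main__":
    for line_no, cmd, reason in triage_history(SAMPLE_HISTORY):
        print(f"{line_no:3}  {cmd:<22} {reason}")
```

The line numbers matter because a history file records order, not time: here the user edits .history and .bash_history before editing /etc/passwd and reaching out to another host.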

15
Directory Listing
    total 34456
    -rwxr--r--  1 dampier staff   58880 Sep 18  2002 Chapter25.ppt
    -rwxr--r--  1 dampier staff   83968 Jun 21  2000 Chapter30.ppt
    -rw-r--r--  1 dampier staff  262078 Jan 21 09:00 Coldnose.gif
    -rwxr--r--  1 dampier staff   44032 Sep 30  2002 ComputerCrime.course.doc
    -rwxr--r-x  1 dampier staff   25600 Feb 20 14:00 Consistency.txt
    -rw-r--r--  1 dampier staff   26624 Sep 11  2002 HYPOTHESIS.doc
    -rw-r--r--  1 dampier staff  322578 Mar  8  2002 LCM.zip
    -rwxr--r--  1 dampier staff   57856 Feb 19 14:55 Lesson7.ppt
    -rw-------  1 dampier staff  629248 Oct 14 09:47 MSWE635lesson6.ppt
    drwx------  2 dampier staff    2048 Apr  1 18:14 Mail
    -rw-r--r--  1 dampier staff  292864 Nov 26 13:08 OORA.ppt
    -rwxr--r--  1 dampier staff   60928 Jan 21 13:53 P2002044SofteDAM.doc
    -rwxr--r--  1 dampier staff   73216 Feb  5 14:16 P2003054COMPUDAM.doc
    -rwx------  1 dampier staff   26112 Jan 17 14:24 POS_NDU_Mapping.doc

16
Password File
    root:x:0:1:Super-User:/:/sbin/sh
    daemon:x:1:1::/:
    bin:x:2:2::/usr/bin:
    sys:x:3:3::/:
    adm:x:4:4:Admin:/var/adm:
    lp:x:71:8:Line Printer Admin:/usr/spool/lp:
    uucp:x:5:5:uucp Admin:/usr/lib/uucp:
    nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
    listen:x:37:4:Network Admin:/usr/net/nls:
    nobody:x:60001:60001:Nobody:/:
    noaccess:x:60002:60002:No Access User:/:
    nobody4:x:65534:65534:SunOS 4.x Nobody:/:
    dampier:x:500:500:Dave Dampier:/home/dampier:/bin/bash
    mousem:x:501:501:Mickey Mouse:/home/mousem:/bin/csh

Fields, left to right: Username : Password : UID/GID : Full Name : Home Directory : Login Shell
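As an added example (not part of the original slides), a Python parser for the seven-field passwd layout above, with the checks an examiner would run first on such a file; the sample repeats some of the slide's entries plus one constructed "backup" entry so the UID 0 check has something to find, and the field names and finding strings are my own.

```python
from collections import Counter

# Constructed sample: entries from the Solaris-style /etc/passwd on the slide,
# plus one constructed "backup" entry to exercise the UID 0 check.
SAMPLE_PASSWD = """\
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
dampier:x:500:500:Dave Dampier:/home/dampier:/bin/bash
mousem:x:501:501:Mickey Mouse:/home/mousem:/bin/csh
backup:x:0:1:constructed extra entry:/:/bin/sh
"""

# Field order from the slide: username, password, UID, GID, full name, home, login shell.
FIELDS = ("username", "password", "uid", "gid", "full_name", "home", "shell")


def parse_passwd(text):
    """Split each non-empty line into the seven colon-separated fields."""
    entries = []
    for line in filter(None, text.splitlines()):
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"malformed entry: {line!r}")
        entry = dict(zip(FIELDS, parts))
        entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
        entries.append(entry)
    return entries


def audit_passwd(entries):
    """Return {username: [findings]} for the entries an examiner should look at first."""
    uid_count = Counter(e["uid"] for e in entries)
    findings = {}
    for e in entries:
        notes = []
        if e["uid"] == 0 and e["username"] != "root":
            notes.append("UID 0 (root-equivalent) under another name")
        if uid_count[e["uid"]] > 1:
            notes.append("UID shared with another account")
        if e["password"] == "":
            notes.append("empty password field")
        if e["shell"].endswith("sh"):  # crude: real shells end in "sh", uucico/nologin do not
            notes.append(f"interactive shell {e['shell']}")
        if notes:
            findings[e["username"]] = notes
    return findings
```

Running audit_passwd(parse_passwd(SAMPLE_PASSWD)) flags root, dampier and mousem for their shells and backup for being a second UID 0 account.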
17
What else?
  • We have already said that it is difficult to find criminals who attack Unix systems.
  • What other things about Unix or Linux would be useful?

18
Questions?