Title: Intro to Cyber Crime and Computer Forensics CS 4273/6273 November 5, 2003
Slide 1: Intro to Cyber Crime and Computer Forensics, CS 4273/6273, November 5, 2003
MISSISSIPPI STATE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
Slide 2: Introduction to Unix and Linux (Chapter 9)
Slide 3: Unix
- UNIX is a multi-layered OS
  - From the user to the hardware
  - User/shell/file system/kernel/hardware
- Different variations
  - Unix System V
  - SunOS
  - Solaris
  - BSD
  - FreeBSD
  - OpenBSD
  - Linux
Slide 4: Unix
(Layer diagram, top to bottom: User, Shell, Kernel, Hardware)
Slide 5: Unix
- Kernel
  - Operating system functions
- Shell
  - Command interpreter
  - Like COMMAND.COM in DOS
  - Switchable from one to another on the fly
Slide 6: History of Shells
(Figure: shell family tree plotted against functionality; shells shown: sh, csh, rc, ksh, tcsh, bash, zsh)
Taken from Unix: The Textbook by Sarwar et al.
Slide 7: Shells
- Bourne Shell
  - /bin/sh
  - First Unix shell, developed by AT&T
- C Shell
  - /bin/csh
  - Introduced interactive job control commands
  - /bin/tcsh
    - First shell to allow text-editing commands on the command line
Slide 8: Shells
- Korn Shell
  - Developed by AT&T researcher David Korn
  - /bin/ksh
  - Best features of both C Shell and tcsh
- bash
  - Bourne Again Shell
  - /bin/bash
  - Most widely used on Linux
  - Functionally equivalent to Korn Shell
- Z Shell
Slide 9: Unix File System
- / Root directory
- /dev Device directory
- /tmp Temporary files directory
- /bin Executables
- /users User files
- /users/dampier Full path address of the dampier account filespace
- Inodes
Slide 10: Contents of an Inode
- Owner and Group IDs: permissions are granted to users, groups and everyone
- Type: regular, directory, character, or device driver
- Access Permissions: read, write, and execute permissions
- Times (atime, mtime, ctime): last access, modification and change of the file
- Number of links: number of pointers to this inode
- Pointers to data blocks: Unix files are composed of blocks, which may or may not be contiguous
- File size: can sometimes be larger than the number of blocks
Slide 11: Unix Commands
- Ctrl-C
  - Halts the running process
- Ctrl-Z
  - Suspends the running process
- bg
  - Runs the most recently suspended process in the background
- fg
  - Makes a background process the foreground process
- jobs
  - Lists all running background jobs
Slide 12: Continued
- awk
  - Create scripts to find patterns in files and run commands on them
- grep
  - Find text patterns in files
  - e.g. grep bomb
- cat
  - Concatenate two files together
- ps
  - List all jobs currently running
- dd
  - Convert and copy a file
- kill
  - Kill an active process
Slide 13: Files to Look For
- History file
- Existing scripts
- Text files with executability turned on
- Password files
- Other logs
Slide 14: History File
(Contents of a shell history file, one command per line, including the user's typos)
    rm organization.bmp
    vi .history
    cd
    ls .h
    wpd
    pwd
    cd /
    ls .h
    ls
    ls -a
    cd
    ls .b
    vi .bash_history
    jobs
    du
    vi /etc/passwd
    login disney
    telnet disney
    fg
    exit
Slide 15: Directory Listing
    total 34456
    -rwxr--r--   1 dampier  staff   58880 Sep 18  2002 Chapter25.ppt
    -rwxr--r--   1 dampier  staff   83968 Jun 21  2000 Chapter30.ppt
    -rw-r--r--   1 dampier  staff  262078 Jan 21 09:00 Coldnose.gif
    -rwxr--r--   1 dampier  staff   44032 Sep 30  2002 ComputerCrime.course.doc
    -rwxr--r-x   1 dampier  staff   25600 Feb 20 14:00 Consistency.txt
    -rw-r--r--   1 dampier  staff   26624 Sep 11  2002 HYPOTHESIS.doc
    -rw-r--r--   1 dampier  staff  322578 Mar  8  2002 LCM.zip
    -rwxr--r--   1 dampier  staff   57856 Feb 19 14:55 Lesson7.ppt
    -rw-------   1 dampier  staff  629248 Oct 14 09:47 MSWE635lesson6.ppt
    drwx------   2 dampier  staff    2048 Apr  1 18:14 Mail
    -rw-r--r--   1 dampier  staff  292864 Nov 26 13:08 OORA.ppt
    -rwxr--r--   1 dampier  staff   60928 Jan 21 13:53 P2002044SofteDAM.doc
    -rwxr--r--   1 dampier  staff   73216 Feb  5 14:16 P2003054COMPUDAM.doc
    -rwx------   1 dampier  staff   26112 Jan 17 14:24 POS_NDU_Mapping.doc
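The "Files to Look For" slide singles out text files with executability turned on, and the directory listing above contains several. This added Python example (not part of the lecture) parses `ls -l` lines in that listing's format and reports regular files whose data-style extension carries an execute bit; the sample listing, the extension list and the function names are constructed assumptions.

```python
import re

# Constructed sample in the format of the slide's `ls -l` listing; it is not a real capture.
SAMPLE_LISTING = """\
total 34456
-rwxr--r--   1 dampier  staff   58880 Sep 18  2002 Chapter25.ppt
-rw-r--r--   1 dampier  staff  262078 Jan 21 09:00 Coldnose.gif
-rwxr--r-x   1 dampier  staff   25600 Feb 20 14:00 Consistency.txt
-rw-------   1 dampier  staff  629248 Oct 14 09:47 MSWE635lesson6.ppt
drwx------   2 dampier  staff    2048 Apr  1 18:14 Mail
-rwx------   1 dampier  staff   26112 Jan 17 14:24 POS_NDU_Mapping.doc
"""

# One `ls -l` entry: type, nine permission bits, link count, owner, group, size, date, name.
LS_LINE = re.compile(
    r"^(?P<type>[-dlcbps])(?P<perms>[rwxsStT-]{9})\s+(?P<links>\d+)\s+"
    r"(?P<owner>\S+)\s+(?P<group>\S+)\s+(?P<size>\d+)\s+"
    r"(?P<date>[A-Za-z]{3}\s+\d{1,2}\s+(?:\d{4}|\d{2}:\d{2}))\s+(?P<name>.+)$"
)

# Assumed list of extensions that hold data, not programs; an execute bit on them deserves a look.
DATA_EXTENSIONS = (".txt", ".doc", ".ppt", ".gif", ".zip")


def parse_listing(text):
    """Return one dict per file entry; the 'total' line and unparsable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LS_LINE.match(line)
        if m:
            e = m.groupdict()
            e["links"], e["size"] = int(e["links"]), int(e["size"])
            entries.append(e)
    return entries


def is_executable(perms):
    """True if any execute slot is set (x, or s/t which imply execute; S/T do not)."""
    return any(perms[i] in "xst" for i in (2, 5, 8))


def executable_data_files(entries):
    """Regular files with a data extension and an execute bit, as (name, perms) pairs."""
    return [
        (e["name"], e["perms"])
        for e in entries
        if e["type"] == "-"
        and is_executable(e["perms"])
        and e["name"].lower().endswith(DATA_EXTENSIONS)
    ]


if __name__ == "__main__":
    for name, perms in executable_data_files(parse_listing(SAMPLE_LISTING)):
        print(f"{perms}  {name}")
```

Directories such as Mail are skipped, and an uppercase S or T (setuid/sticky without execute) is not counted as executable.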
Slide 16: Password File
    root:x:0:1:Super-User:/:/sbin/sh
    daemon:x:1:1::/:
    bin:x:2:2::/usr/bin:
    sys:x:3:3::/:
    adm:x:4:4:Admin:/var/adm:
    lp:x:71:8:Line Printer Admin:/usr/spool/lp:
    uucp:x:5:5:uucp Admin:/usr/lib/uucp:
    nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
    listen:x:37:4:Network Admin:/usr/net/nls:
    nobody:x:60001:60001:Nobody:/:
    noaccess:x:60002:60002:No Access User:/:
    nobody4:x:65534:65534:SunOS 4.x Nobody:/:
    dampier:x:500:500:Dave Dampier:/home/dampier:/bin/bash
    mousem:x:501:501:Mickey Mouse:/home/mousem:/bin/csh
Fields, colon-separated, left to right: username, password, UID/GID, full name, home directory, login shell.
Slide 17: What else?
- We have already said that it is difficult to find criminals that attack Unix systems.
- What other things about Unix or Linux would be useful?
Slide 18: Questions?