exploit evidence from encase


afsfr
Member
 

exploit evidence from encase

Post Posted: Dec 12, 19 09:35

We collect a Linux image in EnCase. We suspect one of the Linux applications is exploited and the attacker got root shell access through an exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.
 
  

keydet89
Senior Member
 

Re: exploit evidence from encase

Post Posted: Dec 12, 19 11:55

- afsfr
We collect a Linux image in EnCase. We suspect one of the Linux applications is exploited and the attacker got root shell access through an exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.


What's the Linux version?

What is the application?  
 
  

Rich2005
Senior Member
 

Re: exploit evidence from encase

Post Posted: Dec 12, 19 12:37

- keydet89
- afsfr
We collect a Linux image in EnCase. We suspect one of the Linux applications is exploited and the attacker got root shell access through an exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.


What's the Linux version?

What is the application?


I could be wrong but I think (due to language barrier) he's saying they don't know the method of entry and basically wants to know how to do an intrusion investigation in EnCase (i.e. not one specific app).
 
  

Bunnysniper
Senior Member
 

Re: exploit evidence from encase

Post Posted: Dec 12, 19 12:47

- Rich2005

I could be wrong but I think (due to language barrier) he's saying they don't know...


Please have a look at his other questions. We are facing a person who does not even have beginner knowledge in digital forensics and is too lazy to read about the basics. "Don't feed the troll" - my 2 cents.

regards, Robin
_________________
--
All opinions are mine and are not necessarily the opinions of my employer. 
 
  

afsfr
Member
 

Re: exploit evidence from encase

Post Posted: Dec 13, 19 07:52

- Rich2005
- keydet89
- afsfr
We collect a Linux image in EnCase. We suspect one of the Linux applications is exploited and the attacker got root shell access through an exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.


What's the Linux version?

What is the application?


I could be wrong but I think (due to language barrier) he's saying they don't know the method of entry and basically wants to know how to do an intrusion investigation in EnCase (i.e. not one specific app).


I have a vulnerable application, and the Linux kernel is also out of date. I need to provide evidence for the initial shell access. I'm not sure which exploit the hacker's shell access came through (which script did the hacker use? Through a buffer overflow or an LSASS exploit? OS or application level?). The compromise didn't cause the application to malfunction, but the hacker gained shell access to our LONDON data center Linux machine and further escalated to root. So the first-step intrusion evidence (remote shell access) is what I need to collect; you are right.
 
