exploit evidence from encase

5 Posts
4 Users
0 Reactions
1,048 Views
(@afsfr)
Eminent Member
Joined: 7 years ago
Posts: 37
Topic starter  

We collected a Linux image in EnCase. We suspect one of the Linux applications was exploited and the attacker got root shell access through the exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.


   
Quote
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

We collected a Linux image in EnCase. We suspect one of the Linux applications was exploited and the attacker got root shell access through the exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.

What's the Linux version?

What is the application?


   
ReplyQuote
(@rich2005)
Honorable Member
Joined: 19 years ago
Posts: 541
 

We collected a Linux image in EnCase. We suspect one of the Linux applications was exploited and the attacker got root shell access through the exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.

What's the Linux version?

What is the application?

I could be wrong, but I think (due to the language barrier) he's saying they don't know the method of entry and basically wants to know how to do an intrusion investigation in EnCase (i.e. not one specific app).


   
ReplyQuote
Bunnysniper
(@bunnysniper)
Reputable Member
Joined: 13 years ago
Posts: 259
 

I could be wrong but I think (due to language barrier) he's saying they don't know…

Please have a look at his other questions. We are facing a person who does not even have beginner knowledge in digital forensics and is too lazy to read about the basics. "Don't feed the troll" - my 2 cents.

regards, Robin


   
ReplyQuote
(@afsfr)
Eminent Member
Joined: 7 years ago
Posts: 37
Topic starter  

We collected a Linux image in EnCase. We suspect one of the Linux applications was exploited and the attacker got root shell access through the exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.

What's the Linux version?

What is the application?

I could be wrong, but I think (due to the language barrier) he's saying they don't know the method of entry and basically wants to know how to do an intrusion investigation in EnCase (i.e. not one specific app).

I have a vulnerable application, and the Linux kernel is also out of date. I need to provide evidence for the initial shell access. I'm not sure through which exploit the hacker got shell access (which script did the hacker use? Through a buffer overflow or an LSASS exploit? OS or application level?). The compromise didn't cause an application malfunction, but the hacker gained shell access to our LONDON data center Linux machine and further escalated to root. So the first-step intrusion evidence (remote shell access) is what I need to collect. You are right.


   
ReplyQuote
Share: