Happy February Readers,
I didn't want to miss last week's posting, but I also didn't have the time to make a quality post before leaving on a trip. So quality over quantity will hopefully gain favor with you. I'm taking a break in the What was wiped series to give myself some more time to gather what I need and instead I am continuing the What are you missing series in this post.
Doing forensics on specialized servers, which I will define as anything non wintel and whose file systems have no parsers supported in forensic tools, is an interesting challenge. You have to:
1. Research where the system log files exist
2. Determine what format the logs are in
3. Capture the metadata of the file system
4. Determine if the file system can be parsed by anything but the running OS
5. Determine if it's feasible to image the server via DD
6. Determine if here is any hardware specific evidence that exists
No comments:
Post a Comment