Volatile Data
Once a system has been compromised, we need to capture as much volatile information as possible before it is shut down. We can build a quick report file from scratch with a few commands.
# elevate to root
sudo su
# write a file heading (quoted so the shell does not treat < and > as redirections)
echo "<heading>" > report.txt
# add a timestamp
date >> report.txt
# system information
uname -a >> report.txt
# the name of the host
hostname >> report.txt
# network statistics
netstat -ano >> report.txt
# running processes
ps aux >> report.txt
# routing table
route -n >> report.txt
# end with a timestamp
date >> report.txt
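The same steps as a single script, given here as an added example that is not part of the original page: each command's output gets a titled section, a missing or failing tool is noted in the report instead of halting collection, and a SHA-256 digest of the finished report is written beside it. The function names, section titles, `ss`/`ip` fallbacks and the digest step are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. Function names, section titles
# and the report layout are assumptions made for illustration.

# run_section REPORT TITLE CMD [ARGS...]
# Append a titled section with the command line and its output. A missing or
# failing tool is recorded in the report instead of stopping the collection.
run_section() {
    report=$1; title=$2; shift 2
    printf '\n===== %s =====\n$ %s\n' "$title" "$*" >> "$report"
    if command -v "$1" >/dev/null 2>&1; then
        "$@" >> "$report" 2>&1 || printf '[exit status %s]\n' "$?" >> "$report"
    else
        printf '[%s not installed]\n' "$1" >> "$report"
    fi
}

# collect_volatile REPORT: same order of commands as the manual steps above.
collect_volatile() {
    out=$1
    umask 077                       # report readable by its owner only
    printf 'Volatile data report: %s\n' "$(uname -n)" > "$out"
    run_section "$out" "start time (UTC)" date -u
    run_section "$out" "system information" uname -a
    run_section "$out" "host name" hostname
    if command -v netstat >/dev/null 2>&1; then
        run_section "$out" "network statistics" netstat -ano
    else                            # net-tools absent: use iproute2
        run_section "$out" "network statistics" ss -ano
    fi
    run_section "$out" "running processes" ps aux
    if command -v route >/dev/null 2>&1; then
        run_section "$out" "routing table" route -n
    else
        run_section "$out" "routing table" ip route show
    fi
    run_section "$out" "end time (UTC)" date -u
    # Record a digest so later changes to the report can be detected.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$out" > "$out.sha256"
    fi
}

# Run only when an output path is given, e.g. a file on external media.
if [ "$#" -gt 0 ]; then
    collect_volatile "$1"
fi
```

Pass the report path as the only argument; writing it to external media keeps the collection from overwriting data on the compromised disk.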