PaulDotCom mailing list archives

Re: Unix/Linux Incident Response resources

From: Dave Hull <dphull () trustedsignal com>
Date: Wed, 16 Nov 2011 08:29:32 -0600

On Tue, Nov 15, 2011 at 7:06 PM, Jon Schipp <jonschipp () gmail com> wrote:


Do you know of any good resources e.g. books, articles, cheat sheets on
incident response for *nix machines.

Things I'm looking for e.g. uses of "find", "grep", "strings", and tools
covering time stamp information etc.

Basically, going through your typical unix tools except with a IR
perspective/focus. I figured something like this would help me pay more
attention to things on my systems.


These results look self-serving, such was not my intention, but you
may find some useful things here:

http://www.google.com/search?q=site:computer-forensics.sans.org%2Fblog+awk+grep+find+strings+time+line&pbx=1&oq=site:computer-forensics.sans.org%2Fblog+awk+grep+find+strings+time+line
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Unix/Linux Incident Response resources Jon Schipp (Nov 15)
- Re: Unix/Linux Incident Response resources Kevin Shaw (Nov 15)
  - Re: Unix/Linux Incident Response resources Christopher Croad (Nov 16)
- Re: Unix/Linux Incident Response resources Dave Hull (Nov 16)
- Re: Unix/Linux Incident Response resources David3 Gonnella (Nov 16)
  - Re: Unix/Linux Incident Response resources Jon Schipp (Nov 18)
  - Re: Unix/Linux Incident Response resources chrishague (Nov 18)