Abstract

This chapter discusses forensic discovery and analysis using the BackTrack distribution. The open source forensic tools bundled with BackTrack are powerful and cover a variety of tasks: recovering deleted files, analyzing thumbnail caches and index.dat files, and capturing both volatile and nonvolatile storage. These tools can be used in many ways to investigate incidents that take place within an IT infrastructure. The BackTrack Security Distribution contains nine tools for forensic analysis. Forensic analysis of storage media can be extremely important once an intrusion has occurred: when a company's systems have security holes and have been penetrated, forensic analysis helps reveal what was done to those systems and what can be done to prevent further attacks. Analysis of volatile and nonvolatile storage helps in understanding how and why attackers were able to penetrate a system and what steps can be taken to keep them from doing more damage.
