Abstract

This chapter discusses forensic discovery and analysis using the forensic tool BackTrack. The open source forensic tools included with the BackTrack distribution are powerful. They help in a variety of tasks: recovering deleted files, analyzing thumbnails and index.dat files, and capturing volatile and nonvolatile storage. One can use the tools in BackTrack in a variety of ways to investigate incidents that take place within an IT infrastructure. The BackTrack Security Distribution contains nine tools for forensic analysis. Analysis of media with these tools can be extremely important if an intrusion has occurred. When companies have security holes and their systems have been penetrated, forensic analysis of those systems helps to give clues about what has been done to them and what can be done to prevent further attacks. Analysis of volatile and nonvolatile storage can help in understanding how and why hackers were able to penetrate a system and what steps one can take to prevent them from doing more damage.
