
    Carving utmp records

    This article briefly describes carving utmp records for intrusion analysis. These files are binary rather than text, and they sometimes contain empty records. An attacker with administrative privileges can delete these files, which is why recovering their records from disk matters.


    There are three files of this kind: utmp, wtmp and btmp. All three share the record format and record size described in “man 5 utmp”. Where they are stored varies from system to system.

    Utilities for carving utmp records for intrusion analysis are described in kazamiya’s post.
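As an added example (not code from the original post or from kazamiya’s utilities), the following Python carver scans arbitrary bytes for utmp/wtmp/btmp records using the x86_64 glibc record layout from man 5 utmp, skipping empty records and rejecting implausible timestamps; the sample bytes, user name, terminal and address are constructed.

```python
import struct
from datetime import datetime, timezone

# struct utmp on x86_64 glibc (man 5 utmp), 384 bytes: ut_type, pad, ut_pid, ut_line,
# ut_id, ut_user, ut_host, ut_exit (2 shorts), ut_session, ut_tv, ut_addr_v6[4], reserved.
UTMP_FMT = "<h2xi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)
UT_TYPES = {1: "RUN_LVL", 2: "BOOT_TIME", 3: "NEW_TIME", 4: "OLD_TIME", 5: "INIT_PROCESS",
            6: "LOGIN_PROCESS", 7: "USER_PROCESS", 8: "DEAD_PROCESS", 9: "ACCOUNTING"}
MIN_TS = 946684800  # 2000-01-01 UTC; earlier timestamps are treated as garbage

def _cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_record(buf):
    """Decode one record; None unless it looks real. EMPTY (type 0) records carry no data."""
    f = struct.unpack(UTMP_FMT, buf)
    ut_type, tv_sec = f[0], f[9]
    if ut_type not in UT_TYPES or not MIN_TS <= tv_sec < 2**31:
        return None
    line, user, host = _cstr(f[2]), _cstr(f[4]), _cstr(f[5])
    if not all(c.isprintable() for c in line + user + host):
        return None
    return {"type": UT_TYPES[ut_type], "pid": f[1], "line": line, "user": user,
            "host": host, "time": datetime.fromtimestamp(tv_sec, timezone.utc)}

def carve_utmp(data):
    """Slide a one-byte-step window over raw bytes (e.g. unallocated space recovered
    after wtmp was deleted) and return (offset, record) for every plausible hit."""
    hits, pos = [], 0
    while pos + UTMP_SIZE <= len(data):
        rec = parse_record(data[pos:pos + UTMP_SIZE])
        if rec is None:
            pos += 1
            continue
        hits.append((pos, rec))
        pos += UTMP_SIZE  # skip overlapping windows inside a record already found
    return hits

def make_record(ut_type, pid, line, user, host, tv_sec):
    """Build a constructed record with the same layout (sample data only)."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0)

# Constructed "disk image": junk, a login, an EMPTY record, a logout, trailing junk.
SAMPLE = (b"\xff" * 7
          + make_record(7, 4242, "pts/0", "alice", "203.0.113.5", 1700000000)
          + b"\0" * UTMP_SIZE
          + make_record(8, 4242, "pts/0", "", "", 1700003600) + b"\xff" * 5)
```

Running carve_utmp(SAMPLE) finds the login at offset 7 and the logout at offset 775, and reports nothing for the zeroed record between them.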




    DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.