Carving utmp records

This article laconically describes cutting utmp records for intrusion analysis. These files are not text files, but sometimes the files have empty data. That’s why an attacker can delete these files if he has administrative privileges.

There are three types of files: utmp, wtmp and btmp. All these types have the same format as described in “man utmp 5” and their size. Depending on the system, these files can usually be found in different places.

You can get acquainted with utmp cutting utilities for analysis of intrusions in the kazamiya’ post.

More.

DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.

News

Carving utmp records

Read Next

USA Passes Take It Down Act: Fighting NCII at the Federal Level

Operation Artemis: FBI Arrests 22 in International Sextortion Crackdown

Digital Forensics Corp. Launches Pro Bono Initiative to Combat Sextortion Targeting Minors

Digital Forensics Corp. Launches 2025 Sextortion Study to Uncover the True Scope of a Growing Cybercrime