Wednesday, February 19, 2020

E-crime investigation. Security breach on a Linux Operating System Assignment

If we elaborate on these further, the first time stamp, named ‘modify’ or ‘mtime’, is updated when there is some change or modification to a file. Likewise, in the case of a directory, the time stamp is updated when changes, modifications or deletions occur to the files within that particular directory. The second time stamp, known as ‘atime’, is updated for a file when it is executed or accessed. The third time stamp, ‘change’ or ‘ctime’, is updated when the data structure holding the metadata of a file, which the file system uses to define information about the file including owner, group name, access rights etc., is modified. During a forensic investigation, MAC times can provide comprehensive clues if they remain unchanged. Likewise, they illustrate the changes that occurred on the file system. Andy will use the mactime program, which is part of the TCT tool kit, to print the MAC times for a series of files and get an in-depth view of what actually happened and how the hacker compromised the system. The mactime program builds a database of the time stamps linked with the files of the system (Nemeth, Snyder et al. 2007).

It was detected that on September 20, i.e. a few days after the initial compromise of the system, the hacker entered the system via telnet and started manipulating the file system and server. The mactime output below shows the evidence:

    Sep 20 00 15:46:05    31376 .a. -rwxr-xr-x root     root     /mount/usr/sbin/in.telnetd
    Sep 20 00 15:46:39    20452 ..c -rwxr-xr-x root     root     /mount/bin/login

One hour after the system was compromised, a directory named /dev/ttypq/ was created on the file system, and soon suspicious and unknown files began appearing and being modified on the file system. The most suspicious files were named ipv6.o, rpc.status and rc.local.

    Sep 20 00 16:49:47      949 ..c -rwxr-xr-x root     root     /mount/etc/rc.d/rc.local
                            209 ..c -rwx------ root     root     /mount/usr/sbin/initd
    Sep 20 00 16:50:11     4096 .a. drwxr-xr-x operator 11       /mount/dev/ttypq/...
    Sep 20 00 16:52:12     7704 .a. -rw-r--r-- root     root     /mount/lib/modules/2.2.16-3/net/ipv6.o
                            209 .a. -rwx------ root     root     /mount/usr/sbin/initd
                         222068 .a. -rwxr-xr-x root     root     /mount/usr/sbin/rpc.status

Andy’s investigation examined the ipv6.o file, a module whose visible strings relate to suspicious network sockets, i.e. TCP port 32411 and TCP port 3457, to more than one user account name, and to illegitimate use of the Ethernet interface to relay all the traffic visible on the network.

    prover# strings ipv6.o
    check_logfilter          kernel_version=2.2.16-3
    my_atoi                  :32411
    my_find_task             :3457
    is_invisible             :6667
    is_secret                :6664
    iget                     :6663
    iput                     :6662
    hide_process             :6661
    hide_file                :irc
    __mark_inode_dirty       :6660
    unhide_file              :6668
    n_getdents               nobody
    o_getdents               telnet
    n_fork                   operator
    o_fork                   Proxy
    n_clone                  proxy
    o_clone                  undernet.org
    n_kill                   Undernet.org
    o_kill                   netstat
    n_ioctl                  syslogd
    dev_get                  klogd
    boot_cpu_data            promiscuous mode
    __verify_write           . . .
    o_ioctl                  adore.c
    n_write                  gcc2_compiled.
    o_write                  __module_kernel_version
    n_setuid                 we_did_promisc
    cleanup_module           netfilter_table
    o_setuid                 check_netfilter
    init_module              strstr
    __this_module            logfilter_table
    sys_call_table

In the above strings, a string named as adore.c
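As an added example (not part of the original assignment and not TCT's own code), a short Python parser for mactime listings in the layout quoted above; it carries the timestamp forward onto rows that mactime prints without one. The function names and the regular expression are assumptions made for this illustration, and the sample rows are the ones quoted in the text, with spacing and the three-character flag column normalised.

```python
import re
from datetime import datetime

# Rows quoted in the text above (spacing and flag column normalised).
LISTING = """\
Sep 20 00 15:46:05 31376 .a. -rwxr-xr-x root root /mount/usr/sbin/in.telnetd
Sep 20 00 15:46:39 20452 ..c -rwxr-xr-x root root /mount/bin/login
Sep 20 00 16:49:47 949 ..c -rwxr-xr-x root root /mount/etc/rc.d/rc.local
209 ..c -rwx------ root root /mount/usr/sbin/initd
Sep 20 00 16:50:11 4096 .a. drwxr-xr-x operator 11 /mount/dev/ttypq/...
Sep 20 00 16:52:12 7704 .a. -rw-r--r-- root root /mount/lib/modules/2.2.16-3/net/ipv6.o
209 .a. -rwx------ root root /mount/usr/sbin/initd
222068 .a. -rwxr-xr-x root root /mount/usr/sbin/rpc.status
"""

# Optional date, then size, MAC flags, mode string, owner, group, path.
LINE = re.compile(
    r"^(?:(?P<ts>\w{3} \d{2} \d{2} \d{2}:\d{2}:\d{2})\s+)?"
    r"(?P<size>\d+)\s+(?P<mac>[m.][a.][c.])\s+(?P<mode>\S{10})\s+"
    r"(?P<owner>\S+)\s+(?P<group>\S+)\s+(?P<path>\S.*)$"
)

def parse_mactime(text):
    """Return one dict per row; rows without a date inherit the previous one."""
    events, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a listing row
        if m["ts"]:
            current = datetime.strptime(m["ts"], "%b %d %y %H:%M:%S")
        if current is None:
            continue  # continuation row with nothing to inherit from
        events.append({"time": current, "size": int(m["size"]), "mac": m["mac"],
                       "mode": m["mode"], "owner": m["owner"], "path": m["path"]})
    return events

def touched(events, flag):
    """(time, path) pairs whose 'm', 'a' or 'c' flag is set, in listing order."""
    return [(e["time"], e["path"]) for e in events if flag in e["mac"]]

def ctime_only(events):
    """Paths of rows where only the inode change time falls at that instant."""
    return [e["path"] for e in events if e["mac"] == "..c"]

if __name__ == "__main__":
    for when, path in touched(parse_mactime(LISTING), "c"):
        print(when.isoformat(), path)
```
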

Tuesday, February 4, 2020

What were the major reasons for the collapse of the Soviet Union in Essay

What were the major reasons for the collapse of the Soviet Union in 1991 - Essay Example

To begin with, the collapse of the Soviet Union was largely a consequence of the poor management of the political system in existence. Established in 1922 under Vladimir Lenin, the Soviet Union was built on terror against the larger citizenry, orchestrated by the Communist Party of the Soviet Union (CPSU) machinery engineered by Joseph Stalin, the party’s first General Secretary. Intolerant of any form of criticism, Stalin basically murdered millions opposed to his authoritarian nature of leadership; a style of leadership that would set the tone of communism for several decades, in effect forcibly securing acceptance of the Soviet Union’s governance, with all its ills, without question. In addition to his firm grip on the government machinery, his policy of détente basically cut off the Soviets from the world. His leadership was one of a kind that none would have wanted to follow. Accordingly, long before Gorbachev assumed power in 1985, successive leaderships, beginning with Nikita Khrushchev, Stalin’s immediate successor, made numerous changes, gradually losing the very fundamental facets of Stalinist control (Dallin and Lapidise 675). As ideas from the West, spread in part by academics, began reaching the masses, commitment to Soviet orthodoxy began a fast downward trend; exposure to the superior living standards in the West, in addition to the political freedoms, resulted in widespread jitters from the late seventies through to the eighties, ultimately forcing the introduction of Gorbachev’s ‘glasnost’ (Dallin and Lapidise 681). Instead of rectifying the hitherto growing dissatisfaction, ‘glasnost’ unveiled the ills of the past regimes, further bringing into question the ideals of communism and the legitimacy of the regime then in power. In reality, ideologies advanced by Gorbachev and his