Usefulness of some UNIX commands to forensic investigators

1. Explain in layman terms the following UNIX commands. For each command, point out its usefulness to forensic investigators.

finger
showmount
mount
echo
rlogin
whoami
rsh
rpcinfo
ypwhich
tcpmap
telnet

2. What does the term "pipe" mean in UNIX? Give 3 examples to illustrate your answer.

Solution Summary

The solution clearly explains the usefulness of some popular UNIX commands (showmount, mount, echo, rlogin, whoami, rsh, rpcinfo, ypwhich, tcpmap, telnet, pipe) to forensic investigators, and also the meaning of the pipe operation, with examples.

Solution Preview

1.
Finger:

It enables people to see who else is using the computer system as well as find basic information about a user. To find information about a specific user, it is necessary to know that person's email address. For example, in response to the command "finger [email address removed by system]", a computer running the Finger program would respond with information like the following:

Login name: atstarr                     In real life: Andrew Starr
Office: Kansas City                     Home phone: 555-5555
Last login Mon Nov 8 13:22 on ttyre from sdn-ar-001mokcit

Plan:
To come so far one must be brave.
[email address removed by system]

http://www.amherst.edu/~atstarr/menu.html

Typical information provided by the Finger command would be a person's real name, his office location and phone number, and the last time he logged in. Users can modify the plan field to add whatever additional text they want to be shown for them. In this example, Andrew added a quotation, his email address, and the URL for his web page.

Usefulness to forensic investigators:

Finger experts know that fingering "@", "0", and "", as well as common names such as root, bin, ftp, system, guest, demo, manager, etc., can reveal interesting information. What that information is depends on the version of the finger daemon that your target is running, but the most notable are account names, along with their home directories and the host that they last logged in from.

Reference: http://www.rajivshah.com/Case_Studies/Finger/Finger.htm

Showmount:

The showmount <Host> command displays a list of all directories exported by the machine specified in the Host parameter.

Usefulness to forensic investigators:

Showmount queries the mount daemon on a remote host for information about the state of the NFS server on that machine.

Mount:

The Unix command line utility "mount" instructs the operating system that a file system is ready to use, and associates it with a particular point in the system's file system hierarchy (its mount point).

The mount command attaches disks or directories logically rather than physically. The Unix mount command makes a directory accessible by attaching the root directory of one file system to another directory, which makes all the file systems usable as if they were subdirectories of the file system they are attached to.

Usefulness to forensic investigators:

Mount the home directory of user "guest." Since you don't have a corresponding account on the local ...
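Added example, not part of the original solution: for the showmount section above, an investigator or administrator reviewing an NFS server they are responsible for can pipe `showmount -e <Host>` output into a filter that lists exports with no client restriction. The host names and sample output are constructed, and treating `*`, `(everyone)` and `everyone` as "unrestricted" is an assumption about the output format of the local showmount version.

```shell
#!/bin/sh
# Constructed sample of `showmount -e <Host>` output (not from a real host).
sample_exports() {
cat <<'EOF'
Export list for fileserver.example:
/export/home    (everyone)
/export/build   10.0.0.0/24,buildhost.example
/export/scratch *
/export/backup  backup01.example
EOF
}

# open_exports: read `showmount -e` output on stdin and print every exported
# directory whose client list contains an unrestricted entry.
# Assumption: the last whitespace-separated field is the client list.
open_exports() {
    awk '
        /^Export list for/ { next }      # skip the header line
        NF < 2             { next }      # skip blank or malformed lines
        {
            n = split($NF, clients, ",")
            for (i = 1; i <= n; i++) {
                if (clients[i] == "*" || clients[i] == "(everyone)" ||
                    clients[i] == "everyone") {
                    path = $0
                    # drop the trailing client field, keep the path
                    sub(/[ \t]+[^ \t]+[ \t]*$/, "", path)
                    print path
                    next
                }
            }
        }
    '
}

# Stand-alone run on the constructed sample; on a live system the left side
# of the pipe would be: showmount -e <Host>
sample_exports | open_exports
```

Exports reported here are candidates for review against the server's export configuration; restricted entries such as the subnet and single-host lines in the sample are not printed.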
