Intro to Cyber Crime and Computer Forensics CS 4273/6273 November 5, 2003 - PowerPoint PPT Presentation

Provided by: rayva9
1
Intro to Cyber Crime and Computer Forensics
CS 4273/6273, November 5, 2003
MISSISSIPPI STATE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
2
Introduction to Unix and Linux
Chapter 9
3
Unix
  • UNIX is a multi-layered OS
    • From the user to the hardware
    • User/shell/file system/kernel/hardware
  • Different Variations
    • Unix System V
    • SunOS
    • Solaris
    • BSD
    • FreeBSD
    • OpenBSD
    • Linux

4
Unix
[Diagram of layers: User, Shell, Kernel, Hardware]
5
Unix
  • Kernel
    • Operating System Functions
  • Shell
    • Command Interpreter
    • Like Command.com in DOS
    • Switchable from one to another on the fly.

6
History of Shells
[Figure: shells plotted by functionality: tcsh, ksh, zsh, bash, csh, sh, rc]
Taken from Unix: The Textbook by Sarwar et al.
7
Shells
  • Bourne Shell
    • /bin/sh
    • First Unix Shell developed by AT&T
  • C Shell
    • /bin/csh
    • Introduced interactive job control commands
    • /bin/tcsh
    • First shell to allow text-editing commands on command line.

8
Shells
  • Korn Shell
    • Developed by AT&T researcher David Korn
    • /bin/ksh
    • Best features of both C Shell and tcsh
  • bash
    • Bourne Again Shell
    • /bin/bash
    • Most widely used on Linux
    • Functionally equivalent to Korn Shell
  • Z Shell

9
Unix File System
  • / Root Directory
  • /dev Device Directory
  • /tmp Temporary Files Directory
  • /bin Executables
  • /users User Files
  • /users/dampier Full path address of dampier account filespace.
  • Inodes

10
Contents of an Inode
11
Unix Commands
  • Ctrl-C
    • Halts Running Process
  • Ctrl-Z
    • Suspends Running Process
  • bg
    • Runs the most recently suspended process in the background
  • fg
    • Makes a background process the foreground process
  • jobs
    • Lists all running background jobs

12
Continued
  • awk
    • Create Scripts to find patterns in files and run commands on them
  • grep
    • Find text patterns in files
    • grep bomb
  • cat
    • Concatenate two files together
  • ps
    • List all jobs currently running
  • dd
    • Convert and copy a file
  • kill
    • Kill an active process

13
Files to Look For
  • History File
  • Existing scripts
  • Text files with executability turned on.
  • Password Files
  • Other Logs

14
History File
  • rm organization.bmp vi .historycdls
    .hwpdpwdcd /ls .hlsls -acd ls .bvi
    .bash_historyjobsdu vi /etc/passwdlogin
    disneytelnet disneyfgexit

15
Directory Listing
  • total 34456
  • -rwxr--r-- 1 dampier staff 58880 Sep 18 2002 Chapter25.ppt
  • -rwxr--r-- 1 dampier staff 83968 Jun 21 2000 Chapter30.ppt
  • -rw-r--r-- 1 dampier staff 262078 Jan 21 09:00 Coldnose.gif
  • -rwxr--r-- 1 dampier staff 44032 Sep 30 2002 ComputerCrime.course.doc
  • -rwxr--r-x 1 dampier staff 25600 Feb 20 14:00 Consistency.txt
  • -rw-r--r-- 1 dampier staff 26624 Sep 11 2002 HYPOTHESIS.doc
  • -rw-r--r-- 1 dampier staff 322578 Mar 8 2002 LCM.zip
  • -rwxr--r-- 1 dampier staff 57856 Feb 19 14:55 Lesson7.ppt
  • -rw------- 1 dampier staff 629248 Oct 14 09:47 MSWE635lesson6.ppt
  • drwx------ 2 dampier staff 2048 Apr 1 18:14 Mail
  • -rw-r--r-- 1 dampier staff 292864 Nov 26 13:08 OORA.ppt
  • -rwxr--r-- 1 dampier staff 60928 Jan 21 13:53 P2002044SofteDAM.doc
  • -rwxr--r-- 1 dampier staff 73216 Feb 5 14:16 P2003054COMPUDAM.doc
  • -rwx------ 1 dampier staff 26112 Jan 17 14:24 POS_NDU_Mapping.doc


16
Password File
  • root:x:0:1:Super-User:/:/sbin/sh
  • daemon:x:1:1::/:
  • bin:x:2:2::/usr/bin:
  • sys:x:3:3::/:
  • adm:x:4:4:Admin:/var/adm:
  • lp:x:71:8:Line Printer Admin:/usr/spool/lp:
  • uucp:x:5:5:uucp Admin:/usr/lib/uucp:
  • nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
  • listen:x:37:4:Network Admin:/usr/net/nls:
  • nobody:x:60001:60001:Nobody:/:
  • noaccess:x:60002:60002:No Access User:/:
  • nobody4:x:65534:65534:SunOS 4.x Nobody:/:
  • dampier:x:500:500:Dave Dampier:/home/dampier:/bin/bash
  • mousem:x:501:501:Mickey Mouse:/home/mousem:/bin/csh

Field labels: Username, Password, UID/GID, Full Name, Home Directory, Login Shell
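
The fields labelled on the Password File slide can be pulled apart with awk, one of the commands listed earlier. The following is an added example, not part of the original slides: the function names are hypothetical, and the `toor` and `baduser` lines are constructed so that each check has something to report.

```shell
#!/bin/sh
# Added example: first-pass review of a passwd-format file with awk.
# Fields: username:password:UID:GID:full name:home directory:login shell

# Sample input in the slide's format. The "toor" and "baduser" lines are
# constructed for this example so that each check has something to report.
sample_passwd() {
cat <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
dampier:x:500:500:Dave Dampier:/home/dampier:/bin/bash
mousem:x:501:501:Mickey Mouse:/home/mousem:/bin/csh
toor:x:0:0:constructed entry:/tmp:/bin/sh
baduser:x:502
EOF
}

# Line numbers of entries that do not have exactly seven fields.
malformed_lines() {
    awk -F: 'NF != 7 { print NR }'
}

# Accounts other than root that hold UID 0 (superuser rights).
extra_uid0() {
    awk -F: 'NF == 7 && $3 == 0 && $1 != "root" { print $1 }'
}

# UIDs shared by more than one account, printed as "UID name,name".
duplicate_uids() {
    awk -F: 'NF == 7 {
        names[$3] = ((names[$3] == "") ? $1 : names[$3] "," $1); n[$3]++
    }
    END { for (u in n) if (n[u] > 1) print u, names[u] }'
}

# Accounts whose login shell is one of the interactive shells
# covered on the Shells slides, printed as "username shell".
shell_users() {
    awk -F: 'NF == 7 && $7 ~ /\/(sh|csh|tcsh|ksh|bash|zsh)$/ { print $1, $7 }'
}

echo "malformed lines: $(sample_passwd | malformed_lines)"
echo "UID 0 besides root: $(sample_passwd | extra_uid0)"
echo "shared UIDs: $(sample_passwd | duplicate_uids)"
sample_passwd | shell_users
```

On an examination copy, the same functions read a file on standard input, for example `extra_uid0 < passwd.copy`, where `passwd.copy` is a placeholder name.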
17
What else?
  • We have already said that it is difficult to find criminals that attack Unix systems.
  • What other things about Unix or Linux would be useful?

18
Questions?