Introduction to the Case Studies
Postmortem analysis of UNIX system crash dumps always involves the same initial investigative work. We begin the analysis by collecting information including:
This data might be likened to a medical doctor's check of blood pressure, temperature, pulse, and respiration, followed by an open probe such as "So, what's wrong?", which is answered by the patient. The doctor may do this for every patient who walks into his office.
Using this initial information, the doctor then begins a more detailed analysis of the problem using information and data from further tests. Putting his experience and knowledge to work, he interprets the new data. In UNIX system crash dump analysis, once the initial information is collected, the UNIX guru also moves into a phase of more detailed analysis work.
The subsequent , detailed investigative work will often vary, based on what is found throughout the analysis process and how that data is interpreted. This interpretation is done by individuals, thus introducing a human factor to this absolute, numerical puzzle. One UNIX guru might see the data and decide to turn left in his analysis work, whereas another might turn right. Their analysis paths may cross a few times, but in the end, they will reach the same conclusions.
In the following chapters, we invite you to sit with us while we examine the postmortem remains of several different UNIX systems. You'll see how we interpret the data, adjust our analysis work based on that data, and decide whether the data is relevant. You'll witness successful and unsuccessful quests for information. You'll see clever use of adb . We'll also share with you a few of the more advanced "tricks of the trade."
We hope you'll enjoy these visits to the world of UNIX system crash dump analysis.
Pull up a chair , make yourself comfortable, and let's begin!
