11.5 Log Files


UNIX systems have a variety of logs that can be useful in an investigation. Logons and logoffs, or for that matter any event on a UNIX computer, can create entries in one or more system log files. An entry may be made in the lastlog file, which can be interpreted using the lastlog command, and in the wtmp and utmp databases, which can be interpreted using the last command. The degree of detail in these logs depends on how logging is configured. UNIX systems can even be configured to record the commands that each user account executed, using process accounting (pacct files are read with lastcomm) or the Basic Security Module (BSM) on Solaris. Additionally, servers running on UNIX machines may have logs that can be useful for reconstructing events and tracking down offenders, as discussed in Part 3 of this text.
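As an added example (not from the book), a small Python parser for the binary wtmp/utmp records that the last command reads, run over a constructed sample blob. It assumes the glibc x86_64 record layout (384 bytes per entry); it pairs logins with logouts per terminal line the way last does, and separately reports a logout record with no matching login, the kind of gap an investigator should note when a log may have been edited.

```python
import struct
from datetime import datetime, timezone

# Assumed layout: glibc struct utmp on x86_64 (384 bytes, little-endian).
# Other platforms use different field sizes; check <utmp.h> before reuse.
UTMP_FMT = "<h2xi32s4s32s256shhiii4i20s"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384
USER_PROCESS, DEAD_PROCESS = 7, 8      # ut_type values for login / logout

def parse_utmp(data: bytes):
    """Yield one dict per fixed-size record in a utmp/wtmp byte blob."""
    for off in range(0, len(data) - len(data) % UTMP_SIZE, UTMP_SIZE):
        f = struct.unpack_from(UTMP_FMT, data, off)
        yield {"type": f[0], "pid": f[1],
               "line": f[2].rstrip(b"\0").decode(errors="replace"),
               "user": f[4].rstrip(b"\0").decode(errors="replace"),
               "host": f[5].rstrip(b"\0").decode(errors="replace"),
               "time": datetime.fromtimestamp(f[9], tz=timezone.utc)}

def sessions(records):
    """Pair logins with logouts per tty, like last; collect orphan logouts."""
    open_by_line, done, orphans = {}, [], []
    for r in records:
        if r["type"] == USER_PROCESS:
            open_by_line[r["line"]] = r
        elif r["type"] == DEAD_PROCESS:
            start = open_by_line.pop(r["line"], None)
            if start is None:
                orphans.append(r)  # logout with no login: gap or tampering
            else:
                done.append((start["user"], start["line"], start["host"],
                             start["time"], r["time"]))
    done += [(r["user"], r["line"], r["host"], r["time"], None)
             for r in open_by_line.values()]  # sessions still open
    return done, orphans

def make_record(ut_type, pid, line, user, host, ts):
    """Build one constructed record (sample data, not from a real system)."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0, b"")

# Constructed wtmp blob: alice logs in and out, bob is still logged in,
# and pts/3 has a logout whose login record is missing.
SAMPLE_WTMP = b"".join([
    make_record(USER_PROCESS, 4242, "pts/0", "alice", "10.0.0.5", 1700000000),
    make_record(DEAD_PROCESS, 4242, "pts/0", "", "", 1700003600),
    make_record(USER_PROCESS, 4300, "pts/1", "bob", "10.0.0.9", 1700004000),
    make_record(DEAD_PROCESS, 4100, "pts/3", "", "", 1700004500),
])

if __name__ == "__main__":
    done, orphans = sessions(parse_utmp(SAMPLE_WTMP))
    for s in done:
        print(s)
    print("orphan logouts:", [r["line"] for r in orphans])
```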




Digital Evidence and Computer Crime, Second Edition
ISBN: 0121631044
Year: 2003
Pages: 279
