brian-carrier
- The analysis is a fine piece of work, especially deleted files
by name and references to RedHat advisories and Bugtraq.
- The summary is excellent. :-)
- The advisory is good. Includes reference to RH patch site.
- Excellent writeups, easy to read and understand. Clear use
of whitespace.
- Like techniques.txt, which gave an overview
of how you attacked the analysis. Would love to see some
screen shots of your analysis tools.
- Brian produced a very readable timeline and thorough explanation of
the location of data in deleted filespace (a function of the TCTUTILS
and "autopsy" browser tools he developed for this purpose.) Brian's
coding resulted in an efficiency in dealing with i-node attributes
(including deleted file and directory processing) that resulted in
very detailed analysis of intruder activity.
- He included a separate description of tool use, which is very helpful
for those learning forensic analysis techniques.