evidence.txt Time line and technical analysis, text version. evidence.ps Time line and technical analysis, PostScript version. advisory.txt Technical advisory, text version. advisory.ps Technical advisory, PostScript version. summary.txt Executive summary, text version. summary.ps Executive summary, PostScript version. costs.txt Cost estimate, text version. costs.ps Cost estimate, PostScript version. Contents of files.tar: md5sum.mismatches Output from checking system consistency with rpm. dot-fileMeYV0p The file written by the in.identd installed on the system. in.identd.S Raw output from running objdump on in.identd. in.identd.s A commented version of some excerpts from the disassembler listing. dirlist Output from investigating directory mtimes. bash-histories find(1) output concerning the .bash_history files and/or links found on the system. logsnippets Log file snippets grepped from the /var partition. logsnippets.swap Log file snippets grepped from the swap partition. swap-environments Environment-like strings found in the swap partition. passwd.suspects passwd-like strings found on the root partition. passwd.snippets actual passwd entries found in passwd.suspects. bash_history.root Fragments from root's .bash_history, recovered from the root partition. ssh.diff Diff between a known-good version of ssh-1.2.27 and the version installed on the system. bigbody Combined output from ils|ils2mac and graverobber. timeline.txt mactime output, generated from bigbody. lastlog.c The C source code of a simple tool to dump the entire lastlog file of the victim system. trojan.sh The script used by the attacker to adapt the system to his needs. Recovered from the evidence. addbd.sh The addbd shell script, as extracted from the evidence. linsniffer.c Source code for linsniffer, from lrk4. snif.s Objdump output generated from the snif binary. libfake.tar The source code for the shared library used for examining the slice2 binary found on the system. sendto.log sendto.log.apollo headers headers.apollo The output files generated during that examination.