Open Source Security Tools: Practical Guide to Security Applications, part 38.

Few frontline system administrators can afford to spend all day worrying about security. But in this age of widespread virus infections, worms, and digital attacks, no one can afford to neglect network defenses. Written with the harried IT manager in mind, Open Source Security Tools is a practical, hands-on introduction to open source security tools.

Page 349, Friday, June 25, 2004, 12:33 AM

Chapter 11
Forensic Tools

All of the tools and techniques described in this book so far will make your network very secure if implemented properly and maintained vigilantly. But even if you do everything right, no network is 100 percent secure. If attackers are dedicated enough, or lucky enough, sometimes they can break in anyway. An outsider can take advantage of a zero-day exploit that isn't published yet, or catch you in the window of opportunity between the exploit announcement and patching. A tricky insider can use physical means to break in, such as gaining physical access to a server or stealing a password. Or they might use social engineering to bypass all your security measures by getting an overly helpful employee to give them access.

So what do you do if, in spite of all your preparations, your network or systems get compromised? Assuming you still have a job, it's not the end of the world. Even the largest companies in the world, with huge security staffs, get hacked, so it is nothing to be ashamed of. However, now it is time to pick up the pieces, figure out how they got in, patch up the holes, and, if necessary, track down the perpetrators and take further action. A number of open source tools can help you in this endeavor. They are called forensic tools, since you are trying to determine what happened based on the evidence you have available to you.
Chapter Overview

Concepts you will learn:
    Uses for forensic tools
    Incident response concepts
    Preparing for forensic investigation
    Tenets of good forensic investigation

Tools you will use:
    Fport
    lsof
    dd
    UNIX and Windows log files
    Sleuth Kit
    Autopsy Forensic Browser
    The Forensic Toolkit

Uses for Computer Forensic Tools

After an attack on your system, you are going to want to figure out how it was done so you can prevent it from happening again. If they managed to get past your existing