Linux.com takes a look at the security tools in the live CD Auditor. "Let's say you've been called in to examine a possible compromised server, and until the integrity of the server has been established you are not allowed to install any forensic software or even take the server offline. You can take your Auditor CD and start running the chkrootkit utility to see if any known rootkits are installed on the server. If you find any suspicious activity, you can take a disk image with the dd command and examine it for any possible rootkits or strange processes."

---

to post comments