Linux FORENSICS
	---------------

Record all the console output
$ script -q <file-name>  

Backup the Hard Disk evidence
# dd if=/dev/hdc bs=1k conv=noerror,sync of=/home/evidence/image1


Resource:
--------
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/s1-response-invest.html

-------------------------------------------------------------------
Hugo Martin				www.hackcraft.com (2006)