11.5. Analisi di codice malevolo
Some other tools that can be used for forensic analysis provided in the Debian distribution are: strace and ltrace
Any of these packages can be used to analyze rogue binaries (such as back doors), in order to determine how they work and what they do to the system. Some other common tools include ldd
(in libc6), strings
and objdump
(both in binutils).
If you try to do forensic analysis with back doors or suspected binaries retrieved from compromised systems, you should do so in a secure environment (for example in a
bochs or
xen image or a
chroot
'ed environment using a user with low privileges
). Otherwise your own system can be back doored/r00ted too!