
11.5. Analysis of malicious code

Some other tools provided in the Debian distribution that can be used for forensic analysis are strace and ltrace.
Any of these packages can be used to analyze rogue binaries (such as back doors), in order to determine how they work and what they do to the system. Some other common tools include ldd (in libc6), strings and objdump (both in binutils).
If you try to do forensic analysis with back doors or suspected binaries retrieved from compromised systems, you should do so in a secure environment (for example in a bochs or xen image or a chroot'ed environment using a user with low privileges[71]). Otherwise your own system can be back doored/r00ted too!
If you are interested in malware analysis, then you should read the chapter http://www.porcupine.org/forensics/forensic-discovery/chapter6.html of the forensic analysis book by Dan Farmer and Wietse Venema.
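As an added example, not code from the Securing Debian Manual, the following POSIX shell script puts the tools named above into a first-pass triage workflow. The static part (file type, hash, dynamic-section entries via objdump, strings of interest) never executes the sample; it deliberately reads the NEEDED/RPATH entries with objdump -p instead of ldd, because ldd can hand the file to its dynamic loader and so run part of an untrusted binary. The strace step does execute the sample, so it is gated behind a hypothetical ANALYSIS_SANDBOX variable as a reminder that it belongs only inside the throwaway VM or chroot the text describes. The script assumes file, sha256sum, objdump, strings, strace and timeout are installed and skips a step when its tool is missing; the sample it triages in demo_triage is a constructed, harmless shell script.

```shell
#!/bin/sh
# Added example (not from the Securing Debian Manual): first-pass triage of a
# suspect binary. Static steps never run the sample; dynamic tracing is opt-in.

# triage_binary SAMPLE REPORT: write a static triage report for SAMPLE to REPORT.
triage_binary() {
    bin="$1"
    out="$2"
    [ -f "$bin" ] || { echo "triage_binary: no such file: $bin" >&2; return 1; }
    {
        echo "== static triage of $bin =="
        # What kind of file is it (ELF, script, archive, ...)?
        if command -v file >/dev/null 2>&1; then file "$bin"; fi
        # Hash so the sample can be identified and compared later.
        if command -v sha256sum >/dev/null 2>&1; then sha256sum "$bin"; fi
        # Libraries and search paths are read from the ELF headers with
        # objdump -p rather than ldd: ldd may hand the file to its own dynamic
        # loader, i.e. execute part of it, which is exactly what we must avoid.
        if command -v objdump >/dev/null 2>&1; then
            echo "-- dynamic section (NEEDED/RPATH/RUNPATH) --"
            objdump -p "$bin" 2>/dev/null | grep -E 'NEEDED|RPATH|RUNPATH' \
                || echo "(none, or not a dynamically linked ELF)"
        fi
        # Printable strings that often reveal behaviour: paths, hosts, libc calls.
        echo "-- strings of interest --"
        if command -v strings >/dev/null 2>&1; then
            strings -n 6 "$bin"
        else
            # Fallback without binutils: keep runs of 6+ printable characters.
            tr -c '[:print:]' '\n' < "$bin" | grep -E '^.{6,}$'
        fi | grep -iE '/bin/|/tmp/|/etc/|/dev/|socket|connect|bind|execve|\.so|http|passwd' \
           | sort -u | head -n 40
    } > "$out"
}

# trace_in_sandbox SAMPLE LOG: run SAMPLE under strace with a time limit and
# record the system calls it makes. Refuses to run unless ANALYSIS_SANDBOX=1
# (hypothetical variable defined by this script) is set, because this step
# executes the sample and must only be done in the disposable VM or chroot.
trace_in_sandbox() {
    bin="$1"
    log="$2"
    [ "${ANALYSIS_SANDBOX:-0}" = "1" ] \
        || { echo "trace_in_sandbox: refusing to execute outside the sandbox (set ANALYSIS_SANDBOX=1)" >&2; return 2; }
    command -v strace >/dev/null 2>&1 || { echo "strace not installed" >&2; return 2; }
    # -f follows forks, -o writes the trace to a file, -s shows longer string
    # arguments, -e limits output to file, network and process activity.
    timeout 30 strace -f -o "$log" -s 256 -e trace=file,network,process "$bin"
}

# demo_triage: create a constructed, harmless sample (a plain shell script with a
# few suspicious-looking strings), triage it and print the report path.
demo_triage() {
    dir=$(mktemp -d)
    printf '#!/bin/sh\n# constructed sample, does nothing harmful\necho "connect 192.0.2.10 /tmp/.hidden/socket"\n' \
        > "$dir/sample"
    triage_binary "$dir/sample" "$dir/report.txt" || return 1
    echo "$dir/report.txt"
}

# Usage: ./triage.sh SAMPLE [REPORT]   (with no arguments the script only defines
# the functions, so it can be sourced or tested).
if [ "$#" -ge 1 ]; then
    triage_binary "$1" "${2:-/dev/stdout}"
fi
```

Read the report before deciding whether dynamic analysis is worth the risk at all; the dynamic section alone often tells you whether a "back door" is a statically linked binary, a wrapper script, or something that pulls in networking libraries.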


[71] Be very careful if using chroots, since if the binary uses a kernel-level exploit to increase its privileges it might still be able to infect your system.