On Monday 14 February 2005 02:37 pm, Davis, Lawrence wrote: > Hello All, > > How would I go about recovering deleted files through ssh? What > tools can I upload to do this for me? I have no physical access to the > server, so everything is done through ssh and scp. I'm not sure what cmd > was executed to delete the files as it appears the server was hacked. >
/usr/portage/apps-forensics/ has: aide air autopsy chkrootkit examiner foremost galleta memdump pasco regviewer rifiuti rkhunter sleuthkit tct I know some of them can be used remotely, and a few were designed for that. As for recovering files, you may need to grab an image of the drive before anything else is written and scan it. Freshmeat may be helpful as well. -- Respectfully, Nicholas Leippe Sales Team Automation, LLC 1335 West 1650 North, Suite C Springville, UT 84663 +1 801.853.4090 http://www.salesteamautomation.com .===================================. | This has been a P.L.U.G. mailing. | | Don't Fear the Penguin. | | IRC: #utah at irc.freenode.net | `==================================='
