-----BEGIN PGP SIGNED MESSAGE----- On Tue, 14 Aug 2001, Skinner, Kit wrote: > QUESTION: My question from a forensics standpoint is, if someone got > onto a system and placed a file using that naming scheme, how could you > determine its ACTUAL name? As a relative novice, all the tools I know > of seem to interpret the filename and display in the edited form. UNIX 'man' is your friend. Do a 'man ls'. But to answer your question: ls -lb To wit: $ cp arf arf^Hg $ ls -al ar* -rw-r--r-- 1 jdyson users 2587 Aug 13 16:09 arf -rw-r--r-- 1 jdyson users 1101 Aug 14 14:13 arg $ ls -lb ar* -rw-r--r-- 1 jdyson users 2587 Aug 13 16:09 arf -rw-r--r-- 1 jdyson users 1101 Aug 14 14:13 arf\010b - -Jay ( ( _______ )) )) .--"There's always time for a good cup of coffee"--. >====<--. C|~~|C|~~| (>------ Jay D. Dyson -- jdysonat_private ------<) | = |-' `--' `--' `-------- Real men prefer full disclosure. --------' `------' -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: See http://www.treachery.net/~jdyson/ for current keys. iQCVAwUBO3mHJblDRyqRQ2a9AQESQQP+Ldeby+T3djHZq7+oPy5DrVV9r/pVHX/s YJyWVpxhmlSd0Lb1AdTbox3urSJH9FPX7fk1FgbheZpNy54Qfqxr0agCLxOQuevC AvHpRtWeRC0j52nAds+y8kLGsCtapLrHu6R3FtJbhTyM1bS0SE9714kAi1EooMYp 6SngfWtD0n0= =Lzol -----END PGP SIGNATURE----- ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 09:31:46 PDT