Mustafa Emre DEMİR, Sengul DOGAN, Türker TUNCER

Olay Müdahale Süreçlerinde Linux Sistemlerden Manuel Veri Toplama

Günümüzde gelişmiş kalıcı tehdit gruplarının (APT) yaptığı saldırılar gerek kurumları gerekse özel şirketleri hedef almaktadır. Bu tür APT gruplarının yaptığı saldırılar birçok farklı amaca hizmet edebilmektedir. Özellikle kamu kurumlarına karşı yapılan saldırılarda devletlere ait gizli bilgilerin elde edilmesi gibi hedefleri olduğu bilinmektedir. Bu tür atakların tespit edilmesi için kurumlarda var olan tüm uç noktaların merkezi bir yerden sürekli olarak takip edilmesi ve kurum/kuruluş içerisindeki tüm aktivitelerin kontrol edilmesi ihtiyacını ortaya çıkarmaktadır. Böyle bir sistem kurum veya kuruluşlarda kurulsa dahi sistemler üzerinde gerekli inceleme ve analiz işlemlerinin yapılması için insan kaynağı ihtiyacı ortaya çıkmaktadır. Ayrıca bu sistemler genellikle Windows odaklı çalışmaktadır ve Linux destekleyenlerin verimi oldukça düşüktür. Linux sistemler bu yapıda kör kalmaktadır. İzleme yapılsa dahi bahsedilen türde bir saldırıya maruz kaldığının tespit edilmesi ve incelenmesi mevcut kullanılan kurumsal çözümlerle başarılı olmamaktadır. Bu sebeplerle Linux sistemlerde olay müdahale süreçlerinin işletilmesinde bir zorluk olduğu değerlendirilmiştir. Bu makalede tespit edilen zorluğa çözüm sunulmaktadır. Olay Müdahale süreçlerinde Linux işletim sistemine sahip cihazlarda veri elde edilmesine yönelik çalışmalar yapılmış ve çıktıları açıklanmıştır. Özetle bu makalede sunulan çözüm yöntemi kullanılarak Linux tabanlı çoğu işletim sisteminde hızlı ve doğru sonuçlarla olay müdahale süreçleri tamamlanmıştır.

Anahtar Kelimeler:

Linux Adli Bilişim, Linux İçin Olay Müdahale, Manuel Linux Adli Bilişim Teknikleri, Olay Müdahale, Veri Toplama

Manuel Data Retrieval from Linux Systems in Incident Response Processes

Nowadays, Advanced Persistent Threat (APT) groups target different types of companies. Their purposes are to obtain confidential data of organizations. In order to detect such attacks, all endpoints in organizations should be monitored and analyzed from Security Operation Center Team. At the same time, human resources are required for the management of these systems. In addition, these systems generally work on Windows and solutions that support linux are less successful. For these reasons, it is considered that there is a difficulty in the operation of incident response processes in Linux systems. This article proposes a solution to the identified difficulty. In Incident Response processes, studies were carried out to obtain data on devices with Linux operating system and their outputs were announced. In summary, incident response processes were completed with fast and accurate results in most Linux-based operating systems using the solution method presented in this article.

Keywords:

Linux Forensics, Incident Response for Linux Forensic, Digital Forensics for Linux, Retrieval data from Linux operating system.,

PDF

___

Chen J, Su C, Yeh K-H, Yung M (2018) Special issue on advanced persistent threat. vol 79. Elsevier,
Niakanlahiji A, Wei J, Chu B-T A natural language processing based trend analysis of advanced persistent threat techniques. In: 2018 IEEE International Conference on Big Data (Big Data), 2018. IEEE, pp 2995-3000
Ahmad A, Webb J, Desouza KC, Boorman J (2019) Strategically-motivated advanced persistent threat: Definition, process, tactics and a disinformation model of counterattack. Computers & Security 86:402-418
Auty M (2015) Anatomy of an advanced persistent threat. Network Security 2015 (4):13-16
Hekim H, BAŞIBÜYÜK O (2013) Sİber Suçlar ve Türkİye’Nİn Sİber Güvenlİk Polİtİkalari. Uluslararası Güvenlik ve Terörizm Dergisi 4 (2):135-158
Karantzas G, Patsakis C (2021) An empirical assessment of endpoint detection and response systems against advanced persistent threats attack vectors. Journal of Cybersecurity and Privacy 1 (3):387-421
Javed AR, Ahmed W, Alazab M, Jalil Z, Kifayat K, Gadekallu TR (2022) A Comprehensive Survey on Computer Forensics: State-of-the-art, Tools, Techniques, Challenges, and Future Directions. IEEE Access
Garfinkel SL (2010) Digital forensics research: The next 10 years. digital investigation 7:S64-S73
Ling T The study of Computer forensics on Linux. In: 2013 International Conference on Computational and Information Sciences, 2013. IEEE, pp 294-297
Reddy N (2019) Linux forensics. In: Practical Cyber Forensics. Springer, pp 69-100
Nikkel B (2021) Practical Linux Forensics: A Guide for Digital Investigators. no starch Press,
Referans12. Reith M, Carr C, Gunsch G (2002) An examination of digital forensic models. International Journal of Digital Evidence 1 (3):1-12
Henkoğlu T (2020) Adli bilişim: Dijital delillerin elde edilmesi ve analizi. Pusula,
Schneier B (2014) The future of incident response. IEEE Security & Privacy 12 (5):96-96
Casey E (2009) Handbook of digital forensics and investigation. Academic Press,
Sabillon R (2022) Cybersecurity Incident Response and Management. In: Research Anthology on Business Aspects of Cybersecurity. IGI Global, pp 611-620
Andrade R, Torres J, Cadena S Cognitive security for incident management process. In: International Conference on Information Technology & Systems, 2019. Springer, pp 612-621
Thompson EC (2018) Cybersecurity incident response: How to contain, eradicate, and recover from incidents. Apress,
Altheide C, Carvey H (2011) Digital forensics with open source tools. Elsevier,
Amarchand G, Munn K, Renicker S A Study on Linux Forensics.
Carrier B (2005) File system forensic analysis. Addison-Wesley Professional,
Clarke GE (2018) CompTIA security+ certification study guide (exam SY0-501). McGraw-Hill Education,
Jones KJ, Bejtlich R, Rose CW (2005) Real digital forensics: computer security and incident response. Addison-Wesley Professional,
Easttom C (2017) System forensics, investigation, and response. Jones & Bartlett Learning,
Sachowski J (2018) Digital Forensics and Investigations: People, Processes, and Technologies to Defend the Enterprise. CRC Press,
Leigland R, Krings AW (2004) A formalization of digital forensics. International Journal of Digital Evidence 3 (2):1-32
Patil DN, Meshram BB (2016) Digital forensic analysis of ubuntu file system. Int J Cyber Secur Digit Forensics 4 (5):175-186
Patil DN, Meshram BB An Evidence Collection and Analysis of Ubuntu File System.
Yang K-p, Wallace K (2011) File Systems in Linux and FreeBSD: A Comparative Study. Journal of Emerging Trends in Computing and Information Sciences 2 (9)
Chen W, Liu C-m The analysis and design of Linux file system based on computer forensic. In: 2010 International Conference On Computer Design and Applications, 2010. IEEE, pp V2-60-V62-64
Choi J, Savoldi A, Gubian P, Lee S, Lee S Live forensic analysis of a compromised linux system using LECT (Linux Evidence Collection Tool). In: 2008 International Conference on Information Security and Assurance (isa 2008), 2008. IEEE, pp 231-236
Grundy B (2014) Advanced artifact analysis. European Union Agency for Network and Information Security