This is the second article in a three part series on tools that are useful during incident response and investigation after a compromise has occurred
on a Linux, OpenBSD, or Solaris system. The first article focused on system tools, this one focuses on file system tools, and the next article will
discuss network and other tools.
October 17, 2003