Autopsy ascii Fragment Report (ver 1.70)

------------------------------------------------------
Fragment: 1434
Length: 4096 bytes
Pointed to by Inode: 8
Pointed to by files:
  /etc/locale/pt_BR/P^184^255^191^140s^1 (deleted)
  /etc/locale/pt_BR//usr/sh (deleted)
  /lib/modules/2.4.7-10/kernel/drivers/scsi/aic7xxx/ (deleted)
  /lib/modules/2.4.7-10/kernel/fs/fat/^7 (deleted)
MD5 of raw Fragment: c2605d60a9525d6acddeb3dfc0ca623b
MD5 of ascii output: 0e96675f01fe8a469fa7d9535c59df0e
Image: /home/kmaster/tools/filesystem/evidence//SOTM29/192.168.1.79/images/root_honeypot
Image Type: linux-ext3
Date Generated: Sat Sep 20 09:08:39 2003
Investigator: CGR
------------------------------------------------------

.;9.........ID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND
apache 21510 0.0 0.4 1476 392 ? S 15:28 0:00 ./bash
apache 21511 0.0 1.1 2188 1124 p3 S 15:28 0:00 sh -i
apache 23289 0.0 0.3 1376 296 p3 S 15:30 0:00 /dev/shm/k
apache 23292 0.0 0.0 0 0 p3 Z 15:30 0:00 [k ]
apache 23302 0.0 0.0 0 0 p3 Z 15:30 0:00 [k ]
ident 677 0.0 0.9 26924 936 ? S Aug 9 0:00 identd -e -o
ident 685 0.0 0.9 26924 936 ? S Aug 9 0:00 identd -e -o
ident 686 0.0 0.9 26924 936 ? S Aug 9 0:00 identd -e -o
ident 695 0.0 0.9 26924 936 ? S Aug 9 0:00 identd -e -o
ident 696 0.0 0.9 26924 936 ? S Aug 9 0:00 identd -e -o
root 1 0.0 0.5 1412 520 ? S Aug 9 0:05 init
root 2 0.0 0.0 0 0 ? SW Aug 9 0:00 [keventd]
root 3 0.0 0.0 0 0 ? SW Aug 9 0:00 [kapm-idled]
root 4 0.0 0.0 0 0 ? SWNAug 9 0:00 [ksoftirqd_CPU0]
root 6 0.0 0.0 0 0 ? SW Aug 9 0:00 [kreclaimd]
root 7 0.0 0.0 0 0 ? SW Aug 9 0:00 [bdflush]
root 8 0.0 0.0 0 0 ? SW Aug 9 0:00 [kupdated]
root 9 0.0 0.0 0 0 ? SW