The output from the previous script is easily imported into LibreOffice Calc or another spreadsheet. Simply open the semicolon-separated file. You will need to specify the character used to separate the values (a semicolon in our case) and should also select the format used for the date columns, as shown in Figure 6.2.


Figure 6.2: Importing a semicolon-separated file into LibreOffice. Note that the date columns should be formatted as dates as shown.

The spreadsheet is easily sorted by any of the dates and times. To sort the spreadsheet, select the columns to be sorted and then choose Sort from the Data menu. You will be greeted with a screen such as the one shown in Figure 6.3.


Figure 6.3: Sorting the spreadsheet by access times.

After we have sorted the spreadsheet it is much easier to see related activities, or at least the files that were accessed around the same time, possibly as a result of actions by an attacker. The highlighted rows in Figure 6.4 show access to a rootkit that was downloaded by the john account.


Figure 6.4: After sorting the spreadsheet by access times, the download and installation of a rootkit is easily seen.
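The same "sort by access time and look for rows that sit close together" step can be scripted instead of done by eye in the spreadsheet. The following is an added example, not code from the book; it assumes the export has the columns path;size;atime;mtime;ctime (the real script's column order may differ, so adjust the split accordingly) and uses a constructed five-line sample rather than data from a real case.

```python
from datetime import datetime, timedelta

# Constructed sample in the assumed layout path;size;atime;mtime;ctime.
# The paths and timestamps are made up for this example.
SAMPLE = """\
/home/john/.bash_history;1204;2015-03-05 10:42:01;2015-03-05 10:42:01;2015-03-05 10:42:01
/home/john/Downloads/pkg.tgz;48211;2015-03-05 10:41:12;2015-03-05 10:40:55;2015-03-05 10:40:55
/usr/sbin/xyz;13210;2015-03-05 10:41:40;2015-03-05 10:41:38;2015-03-05 10:41:38
/etc/passwd;2011;2015-03-04 08:00:00;2015-02-01 09:30:00;2015-02-01 09:30:00
/home/john/Downloads/README;512;2015-03-05 10:41:20;2015-03-05 10:40:55;2015-03-05 10:40:55
"""
FMT = "%Y-%m-%d %H:%M:%S"

def parse_timeline(text):
    """Parse the semicolon-separated export into dicts with datetime fields."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        path, size, atime, mtime, ctime = line.split(";")
        rows.append({
            "path": path,
            "size": int(size),
            "atime": datetime.strptime(atime, FMT),
            "mtime": datetime.strptime(mtime, FMT),
            "ctime": datetime.strptime(ctime, FMT),
        })
    return rows

def cluster_by_access(rows, window_seconds=60):
    """Sort by atime and group rows whose access times fall within
    window_seconds of the previous row: the bursts an analyst highlights."""
    ordered = sorted(rows, key=lambda r: r["atime"])
    clusters, current = [], []
    for row in ordered:
        gap = row["atime"] - current[-1]["atime"] if current else timedelta(0)
        if current and gap > timedelta(seconds=window_seconds):
            clusters.append(current)
            current = []
        current.append(row)
    if current:
        clusters.append(current)
    return clusters

if __name__ == "__main__":
    for group in cluster_by_access(parse_timeline(SAMPLE)):
        print(f"--- {len(group)} file(s) accessed within a minute of each other")
        for r in group:
            print(f"{r['atime']}  {r['path']}")
```

Lower the window to tighten the grouping; a burst of accesses under an unprivileged account that touches files in system directories is the pattern worth examining first.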
