Summarization of acquisition (1)

Notes:

MD5: md5 of collected files
Body: md5 of file system (from / down in this case)*
Body.x: md5 of suid/sgid files
Command_out: output from just about every command you can think of*
Conf_vault: just about every logfile and config file*
Proc: walk through process memory
Removed_but_running: list of files – all size zero – dunno what for
Trust: mostly time and x-windows based stuff
User_vault: user .history files

*we visit these outputs on slides