Fixing Windows using a Live Linux CD – part four

Posted by: Rea Maor In: Microsoft and Windows - Saturday, March 17th, 2007

A system audit isn’t any kind of professional measure. Simply, we’re going to make a record of how your system looks today. Save that record and check back in another week, and make a new record. Compare record A with record B. Is something different? If so, is it something you, personally, installed or changed? You get the idea.

A system audit can be performed from the command line. If you’re on the desktop, hit Control-Alt-F2 to get a console (you can also just open a terminal on the desktop, which is the same thing). Start by typing

mount

to see what’s already mounted. If your Windows system is mounted, it will usually show up as /mnt/hda1. If it isn’t, type

mount /dev/hda1 /mnt/hda1

Next type

ls -R /mnt/hda1 > WinSystem

To break that down: ‘ls’ is the ‘list’ command, similar to ‘dir’ in DOS. -R is the option meaning ‘recursively list all sub-directories under that directory’. The ‘>’ is a redirection operator; normally ls prints to the screen. WinSystem is the name of the file you’re going to dump the result to. You can call it whatever you want (even WINFILES.TXT). You might want to append the date to the file name, like so: WinSystem_3_16_07. Depending on how big your Windows install is and how many files you have, this could take a while to finish – possibly hours for a 100-Gig drive!

While that’s happening, you can always hit Alt-F3 to go to another console (you can even hit Alt-F7 to pop back to the desktop and open a terminal. Or just stay on the desktop and open another terminal.) Now just type

ls /mnt/hda1/

to see all files in the C:\ drive of Windows. Any configuration file there, such as AUTOEXEC.BAT, CONFIG.SYS, IO.SYS and so on, copy over to your home directory with

cp /mnt/hda1/NAMEOFFILE ./

‘./’ is always your current directory. In fact, a lot of this will seem familiar to a DOS user, except that the \ and / are backwards from each other.

Once you have all the copies of configuration files plus the text file with your directory listing, pick a way to save them: either to a floppy, to a folder on the Windows partition, or to a USB drive. Mount a floppy with

mount /dev/fd0 /mnt/floppy

and a USB thumb drive with

mount /dev/sda1 /mnt/sda1

and to move all files from your current directory to storage media, type

mv ./* /mnt/media

where ‘media’ is either floppy or USB or the Windows folder where you want to send the files. You might also want to make a folder with the date in the name and keep the whole shebang in there.

Now you have a record of how things were the last time you checked. When checking against the record next time, keep in mind that Windows scribbles stuff in some places all the time: your Internet Explorer updates its cookie file, your IE cache changes from day to day, and so on. Not everything is a sign of intrusion. But you have the basic workings of a system to keep tabs on what programs are doing what behind your back.
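The compare step above is left to the reader. As an added example (not from the original post), here is one way to make the record a sorted list of path, size and SHA-256 per file, so that two records of an untouched tree are identical and anything added, removed or changed stands out. The /mnt/hda1 mount point is the post’s; the sample tree built in demo() is constructed so the script runs on its own.

```shell
#!/bin/sh
# Added example, not from the original post. In real use, point snapshot() at
# the mounted Windows partition (the post's /mnt/hda1); mounting it read-only
# (mount -o ro ...) keeps the record-taking itself from touching the partition.

# snapshot DIR OUT: one tab-separated line per regular file under DIR.
# Sorted with a fixed locale so two records of an unchanged tree are identical.
# (Paths containing tabs or newlines are not handled by this simple format.)
snapshot() {
    ( cd "$1" && find . -type f -print | LC_ALL=C sort | while IFS= read -r f; do
        size=$(wc -c < "$f" | tr -d ' ')
        sum=$( (sha256sum "$f" 2>/dev/null || shasum -a 256 "$f") | cut -d' ' -f1)
        printf '%s\t%s\t%s\n' "$f" "$size" "$sum"
    done ) > "$2"
}

# compare OLD NEW: classify each path by presence and checksum in the two records.
compare() {
    awk -F'\t' '
        FILENAME == ARGV[1] { old[$1] = $3; next }   # remember old checksum per path
        !($1 in old)        { print "added\t" $1; next }
        old[$1] != $3       { print "changed\t" $1 }
                            { delete old[$1] }        # seen in both: drop from "old"
        END { for (p in old) print "removed\t" p }    # left over: gone since OLD
    ' "$1" "$2" | LC_ALL=C sort
}

# demo: constructed sample tree standing in for /mnt/hda1; prints the report.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/tree/WINDOWS/system32"
    printf 'FILES=40\n'   > "$work/tree/CONFIG.SYS"
    printf '[fonts]\n'    > "$work/tree/WINDOWS/win.ini"
    printf 'old bytes\n'  > "$work/tree/WINDOWS/system32/helper.dll"
    snapshot "$work/tree" "$work/WinSystem_3_16_07"
    # "A week later": one file edited, one added, one removed.
    printf 'FILES=99\n'   > "$work/tree/CONFIG.SYS"
    printf 'new bytes\n'  > "$work/tree/WINDOWS/system32/extra.dll"
    rm "$work/tree/WINDOWS/win.ini"
    snapshot "$work/tree" "$work/WinSystem_3_23_07"
    compare "$work/WinSystem_3_16_07" "$work/WinSystem_3_23_07"
    rm -rf "$work"
}

demo
```

Run the two snapshots a week apart against the real mount and the report shows exactly which files moved; expect the IE cache and cookie entries mentioned above to appear every time.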

Good luck, and happy hacking!
