Digital Forensics
Due Monday, February 11

Assignment 0: Information Collection Exercise with Perl

Introduction to Perl:

Your assignment is to write a Perl program "" that collects some local state from your BackTrack instance and prepares a report on that state. Save it in the ~/bin directory of whatever login you prefer to use on your lab machine (i.e., if you prefer to use "root", then store the script in "~root/bin".)

Your program should:

  1. Run the program "ss" and collect all of the network connections that are listed in the report.
  2. For each of the remote (peer) IP addresses, suppressing duplicates, execute (a) "host" to get a name for the host if one can be found (it's entirely possible that it doesn't return anything useful), and (b) if a hostname is available, extract the last two components of the hostname to get a domain name and do a "whois" on that domain name (i.e., for "", look up "whois".)
  3. Create a report that looks like this one.
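
The parsing core of steps 1 and 2, as an added example that is not part of the original assignment: it pulls the unique peer addresses out of "ss" output, reads the name from "host" output, and keeps the last two components for the "whois" lookup. It assumes the column layout printed by "ss -tn"; the helper names, the "--live" switch and the sample lines are constructed for illustration, and the report layout is not reproduced.

```perl
use strict;
use warnings;
# Constructed sample input (documentation addresses and names), not real output.
my @ss_lines = split /\n/, <<'END';
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB  0      0      192.0.2.10:51514     198.51.100.7:443
ESTAB  0      0      192.0.2.10:51520     198.51.100.7:80
ESTAB  0      0      [2001:db8::10]:51600 [2001:db8::beef]:443
END
my %host_out = ('198.51.100.7' => "7.100.51.198.in-addr.arpa domain name pointer www.example.com.\n");

# Unique peer IPs, in first-seen order, from `ss -tn` style lines.
sub peer_addresses {
    my (%seen, @peers);
    for my $line (@_) {
        my @f = split ' ', $line;
        next unless @f >= 5 && $f[1] =~ /^\d+$/;    # skip the header line
        (my $peer = $f[4]) =~ s/:[^:]+$//;          # drop the trailing :port
        $peer =~ s/^\[|\]$//g;                      # unwrap bracketed IPv6
        push @peers, $peer unless $seen{$peer}++;
    }
    return @peers;
}

# Hostname from host(1) output, or undef when no PTR record came back.
sub ptr_name {
    return $_[0] =~ /domain name pointer\s+(\S+?)\.?\s*$/m ? lc $1 : undef;
}

# Last two labels of a hostname: "www.example.com" -> "example.com".
sub last_two_labels {
    my @labels = split /\./, $_[0];
    return @labels >= 2 ? join('.', @labels[-2, -1]) : undef;
}

# Run a command without a shell: each argument is passed separately,
# so nothing taken from command output is ever interpreted by /bin/sh.
sub run_cmd {
    open(my $fh, '-|', @_) or return '';
    local $/;                                       # slurp all output
    return <$fh> // '';
}

my $live = @ARGV && $ARGV[0] eq '--live';           # default: offline sample
@ss_lines = split /\n/, run_cmd('ss', '-tn') if $live;
for my $ip (peer_addresses(@ss_lines)) {
    my $out  = $live ? run_cmd('host', $ip) : ($host_out{$ip} // '');
    my $name = ptr_name($out);
    my $dom  = defined $name ? last_two_labels($name) : undef;
    printf "%-16s %-20s %s\n", $ip, $name // '(no name)', $dom // '-';
}
```

The two-label rule follows the assignment; for a name under a multi-label suffix such as co.uk it returns the suffix rather than the registered domain.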

Once you have written your program, start a web browser and use it to connect to the following web pages:

Run your program, and save the output in your preferred home directory as "collector.txt"; I will sit down individually with each of you on Monday to look at the report and to re-run your script by hand.