======================== Index of submitted files ======================== advisory.txt Advisory for consumption by other system administrators and incident handlers within your organization costs.txt Incident cost-estimate evidence.txt Time line and detailed (technical) analysis. files.tar Archive of additional files submitted index.txt Index of files/directories submitted questions.txt Answers to Q1-Q10 posed on forensic challenge contest page stampMD5.pl Perl script to automate timestamping of contest files summary.txt Management and media (non-technical) summary timeline.txt Condensed timeline of events toolkit.txt Detailed analysis of intruder toolkit Contents of files.tar --------------------- lazarus/logs/messages.deleted.Nov5093340 lazarus/logs/messages.deleted.Nov5093340-2 lazarus/logs/messages.deleted.Nov5093341 lazarus/logs/messages.deleted.Nov593342 lazarus/logs/messages.deleted lazarus/logs/messages.statd.deleted lazarus/system_files/pam.conf.deleted lazarus/system_files/passwd.deleted lazarus/system_files/passwd.deleted.2 lazarus/system_files/fstab.deleted lazarus/eggdrop/assoc.c.deleted lazarus/eggdrop/blowfish.c.deleted lazarus/eggdrop/chanprog.c.deleted lazarus/eggdrop/dcc.c.deleted lazarus/eggdrop/filedb.c.deleted lazarus/eggdrop/files.c.deleted lazarus/eggdrop/hash.c.deleted lazarus/eggdrop/hash.h.deleted lazarus/eggdrop/mem.c.deleted lazarus/eggdrop/misc.c.deleted lazarus/eggdrop/modules.h.deleted lazarus/eggdrop/tcl.c.deleted lazarus/eggdrop/tclegg.h.deleted lazarus/eggdrop/tclhash.c.deleted lazarus/eggdrop/users.c.deleted lazarus/eggdrop/users.h.deleted lazarus/eggdrop/cmds.c.deleted lazarus/eggdrop/dccutil.c.deleted lazarus/eggdrop/bf_tab.h.deleted lazarus/eggdrop/users.h lazarus/eggdrop/blowfish.h.deleted lazarus/eggdrop/mode.c.deleted lazarus/eggdrop/msgcmds.c.deleted lazarus/eggdrop/msgnotice.c.deleted lazarus/eggdrop/net.c.deleted lazarus/eggdrop/main.c.deleted lazarus/eggdrop/botcmd.c.deleted lazarus/eggdrop/userrec.c.deleted lazarus/eggdrop/botnet.c.deleted lazarus/eggdrop/chan.c.deleted lazarus/eggdrop/configure.deleted lazarus/eggdrop/configure.in.deleted lazarus/eggdrop/Makefile.deleted lazarus/eggdrop/Makefile.in.deleted lazarus/eggdrop/eggdrop_compile.deleted lazarus/eggdrop/tpack_script.deleted lazarus/eggdrop/irc_script.deleted.1 lazarus/eggdrop/irc_script.deleted.2 lazarus/eggdrop/irc_script.deleted.3 lazarus/eggdrop/irc_script.deleted.whole lazarus/eggdrop/chan.c.deleted.whole lazarus/eggdrop/dccutil.c.deleted.whole lazarus/eggdrop/eggdropMakefile.deleted.whole lazarus/eggdrop/main.c.deleted.whole lazarus/eggdrop/modes.c.deleted.whole lazarus/sshd/sshdlogger.deleted.2 lazarus/sshd/sshd_trojan.deleted lazarus/sshd/sshd_trojan.deleted.2 lazarus/sshd/config.h lazarus/sshd/config.h.deleted lazarus/sshd/config.cache.deleted lazarus/sshd/Makefile.in lazarus/named/named_install.deleted mactime/changed mactime/changed.Nov8 mactime/modified.Nov8 mactime/victim.mactime mactime/accessed.Nov8 mactime/victim.mactime.evidence rpm_info/attackerRPMS rpm_info/rpm_files.bin rpm_info/rpm_files.MD5 rpm_info/rpm_files.missing rpm_info/rpm_files.mode rpm_info/rpmDates.sh rpm_info/rpmInstallDates rpm_info/rpm_packages rpm_info/rpm_verification strings/inetd.strings strings/pstree.strings strings/Q.strings strings/snif.strings strings/slice2.strings strings/amdx.strings strings/z0ne.strings strings/statdx.strings strings/classb.strings strings/fs.strings strings/wu.strings strings/x.strings strings/sshd.strings strings/realsshd.strings strings/bx.strings strings/FILENAMES_FOUND.strings strings/addn.strings strings/ben.strings strings/find.strings strings/fix.strings strings/killall.strings strings/pscan.strings strings/qs.strings strings/q.strings strings/r.strings strings/named.strings strings/ls.strings strings/netstat.strings strings/ps.strings strings/tcpd.strings strings/ifconfig.strings strings/top.strings strings/syslogd.strings symbols/bx.symbols.p symbols/find.symbols.p symbols/fix.symbols.p symbols/pstree.symbols.p symbols/snif.symbols.p symbols/amdx.symbols.p symbols/z0ne.symbols.p symbols/sshd.symbols.p symbols/addn.symbols.Du symbols/sshd.symbols.Du symbols/find.symbols.Du symbols/addn.symbols.p symbols/amdx.symbols.Du symbols/ben.symbols.Du symbols/ben.symbols.p symbols/bx.symbols.Du symbols/classb.symbols.Du symbols/classb.symbols.p symbols/fix.symbols.Du symbols/killall.symbols.Du symbols/killall.symbols.p symbols/pscan.symbols.Du symbols/pscan.symbols.p symbols/pstree.symbols.Du symbols/qs.symbols.Du symbols/qs.symbols.p symbols/q.symbols.Du symbols/q.symbols.p symbols/r.symbols.Du symbols/r.symbols.p symbols/slice2.symbols.Du symbols/slice2.symbols.p symbols/snif.symbols.Du symbols/statdx.symbols.Du symbols/statdx.symbols.p symbols/wu.symbols.Du symbols/wu.symbols.p symbols/x.symbols.Du symbols/x.symbols.p symbols/z0ne.symbols.Du symbols/ls.p symbols/ls.Du symbols/ps.p symbols/ps.Du symbols/netstat.p symbols/netstat.Du symbols/tcpd.symbols.p symbols/tcpd.symbols.Du symbols/ifconfig.Du symbols/top.symbols.p symbols/top.symbols.Du tripwire_info/tw.files.md5_fail tripwire_info/tw.report.md5 tripwire_info/tw.db.rh62standard