You have been asked to perform a security audit on a computer system. The system administrator suspects that the pointer structure in the file system has been compromised, thus allowing certain unauthorized users to access critical system information. Describe how you would attempt to determine who is responsible for the security breach and how it was possible for them to modify the pointers.

What will be an ideal response?

This is a nontrivial task, but one that is receiving increasing attention in the literature
as more monumental security breaches occur. Intruders would tend to corrupt the pointer
structure for their own benefit and then disappear. More sophisticated breaches might
attempt to cover up the muddy footprints of the intrusion.The auditor might write a program
that would follow the modified pointers to their ultimate objects, and attempt to infer which
users would most want to corrupt the system to gain access to these objects.The point here is
that this is difficult to do, it may not be possible to recognize that the system has been corrupted
to begin with, and there is little guarantee that the auditor’s work will identify the miscreant.