It is important to look everywhere on the system for unusual or hidden files (files that start with a period and are normally not shown by the “ls�? command), as these can be used to hide tools and information (password cracking programs, password files from other systems, etc.). A common technique on UNIX systems is to put a hidden directory or file in a user’s account with an unusual name, something like ‘…’ or ‘.. ‘ (dot dot space) or ‘..^G’ (dot dot control-G). The find program can be used to look for hidden files.

To look for hidden files, use the following commands:
# find / -name “.. ” -print -xdev
# find / -name “.*” -print -xdev | cat -v