Linux Forensics

Learn about the common forensic artifacts found in the file system of the Linux operating system.

medium

120 min

In the previous few rooms, we learned about performing forensics on Windows machines. While Windows is still the most common desktop operating system, especially in enterprise environments, Linux also constitutes a significant portion of the pie. In particular, Linux is very common on servers that host different services for enterprises.

In an enterprise environment, the two most common entry points for an external attacker are public-facing servers and endpoints used by individuals. Since Linux can be found at either of these entry points, it is useful to know how to find forensic information on a Linux machine, which is the focus of this room.

Learning Objectives:

After completing this room, we will have learned:

  • An introduction to Linux and its different flavors.
  • Finding , account, and system information on a machine
  • Finding information about running processes, executed processes, and processes that are scheduled to run
  • Finding system log files and identifying information from them
  • Common third-party applications used in Linux and their logs

Answer the questions below
Go through the Learning Objectives