Linux/Unix Forensics

Linux Forensic Analysis

The Linux Forensics course is intended for experienced forensic investigators and law enforcement agents. By the end of this course, participants will be able to identify, collect, and analyze Linux artifacts and evidence. They will develop the knowledge and skills to perform live analysis, capture volatile data, image media, analyze filesystems, analyze network traffic, analyze files, perform memory analysis, and analyze malware on a Linux system.

4.1. Proc file system
4.2. cpuinfo, meminfo and interrupts
4.3. /proc/cmdline and /proc/uptime
4.4. /proc/version and /proc/acpi
4.5. /proc process folders

5.1. EXT2, EXT3 and EXT4
5.2. Superblock and Group Descriptor Tables
5.3. Block Groups
5.4. Inodes
5.5. Hard links and Soft links
5.6. Alter MAC times
5.7. Indirect block pointers
5.8. Data unit layers

9.1. User activities
9.2. Process Accounting
9.3. lastcomm
9.4. Syslog analysis
9.5. logrotate analysis
9.6. auth.log and kern.log analysis