Linux/Unix Forensics

Linux Forensic Analysis

4.1. Proc file system
4.2. cpuinfo, meminfo and interrupts
4.3. /proc/cmdline and /proc/uptime
4.4. /proc/version and /proc/acpi
4.5. /proc process folders

5.1. EXT2, EXT3 and EXT4
5.2. Superblock and Group Descriptor Tables
5.3. Block Groups
5.4. Inodes
5.5. Hard links and Soft links
5.6. Alter MAC times
5.7. Indirect block pointers
5.8. Data unit layers

9.1. User activities
9.2. Process Accounting
9.3. Lastcomm
9.4. Syslog analysis
9.5. Logrotate analysis
9.6. Auth.log and Kern.log analysis