Practical Linux Forensics: A Guide for Digital Investigators

Practical Linux Forensics: A Guide for Digital Investigators
ISBN-10
1718501978
ISBN-13
9781718501973
Category
Computers
Pages
400
Language
English
Published
2021-10-12
Publisher
No Starch Press
Author
Bruce Nikkel

Description

A resource to help forensic investigators locate, analyze, and understand digital evidence found on modern Linux systems after a crime, security incident or cyber attack. Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems which have been misused, abused, or the target of malicious attacks. It helps forensic investigators locate and analyze digital evidence found on Linux desktops, servers, and IoT devices. Throughout the book, you learn how to identify digital artifacts which may be of interest to an investigation, draw logical conclusions, and reconstruct past activity from incidents. You’ll learn how Linux works from a digital forensics and investigation perspective, and how to interpret evidence from Linux environments. The techniques shown are intended to be independent of the forensic analysis platforms and tools used. Learn how to: • Extract evidence from storage devices and analyze partition tables, volume managers, popular Linux filesystems (Ext4, Btrfs, and Xfs), and encryption • Investigate evidence from Linux logs, including traditional syslog, the systemd journal, kernel and audit logs, and logs from daemons and applications • Reconstruct the Linux startup process, from boot loaders (UEFI and Grub) and kernel initialization, to systemd unit files and targets leading up to a graphical login • Perform analysis of power, temperature, and the physical environment of a Linux machine, and find evidence of sleep, hibernation, shutdowns, reboots, and crashes • Examine installed software, including distro installers, package formats, and package management systems from Debian, Fedora, SUSE, Arch, and other distros • Perform analysis of time and Locale settings, internationalization including language and keyboard settings, and geolocation on a Linux system • Reconstruct user login sessions (shell, X11 and Wayland), desktops (Gnome, KDE, and others) and analyze keyrings, wallets, trash cans, clipboards, thumbnails, recent files and other desktop artifacts • Analyze network configuration, including interfaces, addresses, network managers, DNS, wireless artifacts (Wi-Fi, Bluetooth, WWAN), VPNs (including WireGuard), firewalls, and proxy settings • Identify traces of attached peripheral devices (PCI, USB, Thunderbolt, Bluetooth) including external storage, cameras, and mobiles, and reconstruct printing and scanning activity

Get the book

Amazon.com
Amazon.com
Search the book
eBay.com
eBay.com
Search the book

Other editions

Similar books

  • Family History Digital Libraries
    Family History Digital Libraries
    By William Sims Bainbridge

    One named Sara and Timberlake had 11 male workers, 1 female worker, and 4 children workers, so it might have employed the Minor family.

  • Foundation Dreamweaver MX
    Foundation Dreamweaver MX
    By Craig Grannell, Jerome Turner, Matt Stephens

    So here's what we need to do to arrive at our layout: s Create the main table to hold all the page elements. s Deal with the navigation area which is ...

  • Cisco CCNA Certification, 2 Volume Set: Exam 200-301
    Cisco CCNA Certification, 2 Volume Set: Exam 200-301
    By Todd Lammle

    This inclusive, two-book set provides what you need to know to succeed on the new CCNA exam. The set includes Understanding Cisco Networking Technologies: Volume 1 and the CCNA Certification Study Guide: Volume 2.

  • CompTIA Network+ Study Guide: Exam N10-006
    CompTIA Network+ Study Guide: Exam N10-006
    By Todd Lammle

    ... you can use: –a –A –c –n –r –R –S –s All nbtstat switches are case sensitive. Generally speaking, lowercase switches deal with NetBIOS names of hosts, ...

  • CompTIA Network+ Study Guide with Online Labs: N10-007 Exam
    CompTIA Network+ Study Guide with Online Labs: N10-007 Exam
    By Todd Lammle, Jon Buhagiar

    ... you can use: –a –A –c –n –r –R –S –s All nbtstat switches are case sensitive. Generally speaking, lowercase switches deal with NetBIOS names of hosts, ...

  • CCNA: Cisco Certified Network Associate FastPass
    CCNA: Cisco Certified Network Associate FastPass
    By Todd Lammle

    S The S reference point defines the point between the customer router and an ... with the letter E deal with using ISDN on the existing telephone network.

  • Stranger in the Chat Room
    Stranger in the Chat Room
    By Todd Hafer, Jedd Hafer

    A sequel to In the Chat Room With God finds a group of teens contacted by a mysterious and increasingly malevolent character who claims to know about their encounters with the Almighty and challenges their beliefs. Original.

  • Error Correction Coding: Mathematical Methods and Algorithms
    Error Correction Coding: Mathematical Methods and Algorithms
    By Todd K. Moon

    M M−1∑ k=0 −∞ ∞ k=0 The average energy per signal E s ∫ can be related to the ... we will deal primarily with additive white Gaussian noise (AWGN), ...

  • Security+ Training Guide
    Security+ Training Guide
    By Todd King

    ... to deal with most , but unfortunately not all , of these potential threats . ... The S / MIME standard implements encryption for message content using ...

  • CCDA: Cisco Certified Design Associate Study Guide: Exam 640-861
    CCDA: Cisco Certified Design Associate Study Guide: Exam 640-861
    By Todd Lammle, Andy Barkl

    S reference point The S reference point defines the reference point between ... with the letter E deal with using ISDN on the existing telephone network.