Chapter 9. Introduction to Unix for Forensic Examiners

Ideally, an investigator has years of in-depth experience administering and programming an operating environment before attempting a forensic investigation on it. It is clear to us from classes and seminars that the need for skillful Unix investigators exceeds the supply. Experienced Unix users may wish to skip ahead while we provide some background information for those readers who don’t have a significant background in Unix. Consider the brief introduction provided in this chapter as the minimum level of Unix knowledge required to examine a Unix system. As we’ve stated repeatedly in previous chapters, always do your best to preserve original evidence. The easiest way to accomplish this ...

Get Computer Forensics: Incident Response Essentials now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.