Chapter 9. Introduction to Unix for Forensic Examiners

Ideally, an investigator has years of in-depth experience administering and programming an operating environment before attempting a forensic investigation on it. It is clear to us from classes and seminars that the need for skillful Unix investigators exceeds the supply. Experienced Unix users may wish to skip ahead while we provide some background information for those readers who don’t have a significant background in Unix. Consider the brief introduction provided in this chapter as the minimum level of Unix knowledge required to examine a Unix system. As we’ve stated repeatedly in previous chapters, always do your best to preserve original evidence. The easiest way to accomplish this ...

Get Computer Forensics: Incident Response Essentials now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.