Chapter 6. UNIX Forensic Analysis
Cory Altheide and Eoghan Casey

Contents

Introduction to UNIX
Boot Process
Forensic Duplication Consideration
File Systems
User Accounts
System Configuration
Artifacts of User Activities
Internet Communications
Firefox 3
Cache
Saved Session
E-Mail Analysis
Chat Analysis
Memory and Swap Space
References

Introduction to UNIX

UNIX originated in the depths of Bell Labs in the late 1960s. During the 1970s it became widely used in academia, and in the 1980s AT&T released UNIX System V, which saw widespread commercial use. Meanwhile, researchers at UC Berkeley were developing a plethora of useful code additions to the UNIX core, including core networking code that is still in ...
