4DIRECTORY LAYOUT AND FORENSIC ANALYSIS OF LINUX FILES
The previous chapter described forensic analysis of storage and filesystems, the low-level building blocks that create the illusion of a hierarchical file tree. This chapter focuses on the layout of that file tree, takes a closer look at individual files, and identifies specific areas of interest to digital forensic examiners.
Linux Directory Layout
When performing a forensic examination of a Linux system, understanding the organization of files and directories on a drive helps the investigator to locate areas and artifacts of interest quickly and ignore areas that are less likely to contain ...
Get Practical Linux Forensics now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
