book

Practical Linux Forensics

by Bruce Nikkel

October 2021

Beginner to intermediate

400 pages

11h 15m

English

No Starch Press

Read now

Unlock full access

Why I Wrote This BookTarget Audience and PrerequisitesScope and OrganizationConventions and Format
Digital Forensics HistoryForensic Analysis Trends and ChallengesPrinciples of Postmortem Computer Forensic AnalysisSpecial Topics in Forensics

History of LinuxModern Linux SystemsLinux DistributionsForensic Analysis of Linux Systems
Analysis of Storage Layout and Volume ManagementFilesystem Forensic AnalysisAn Analysis of ext4An Analysis of btrfsAn Analysis of xfsLinux Swap AnalysisAnalyzing Filesystem EncryptionSummary
Linux Directory LayoutLinux File Types and IdentificationLinux File AnalysisCrash and Core DumpsSummary
Traditional SyslogSystemd JournalOther Application and Daemon LogsKernel and Audit LogsSummary
Analysis of BootloadersAnalysis of Kernel InitializationAnalysis of SystemdPower and Physical Environment AnalysisSummary
System IdentificationDistro Installer AnalysisPackage File Format AnalysisPackage Management System AnalysisUniversal Software Package AnalysisOther Software Installation AnalysisSummary
Network Configuration AnalysisWireless Network AnalysisNetwork Security ArtifactsSummary
Linux Time Configuration AnalysisInternationalizationLinux and Geographic LocationSummary
Linux Login and Session AnalysisAuthentication and AuthorizationLinux Desktop ArtifactsUser Network AccessSummary
Linux Peripheral DevicesPrinters and ScannersExternal Attached StorageSummary

Content preview from Practical Linux Forensics

8IDENTIFYING NETWORK CONFIGURATION ARTIFACTS

The forensic analysis of Linux systems includes examination of networking configuration and reconstruction of past network activity. This analysis can be used to understand a system breach or compromise, or abuse by local users on the machine. This chapter describes common Linux network configurations for both static systems like servers and dynamic clients like desktops and roaming laptops. The analysis includes network interfaces, assigned IP addresses, wireless networks, attached Bluetooth devices, and more. Security coverage includes examining evidence of VPNs, firewalls, and proxy settings.

This ...