book

Practical Linux Forensics

by Bruce Nikkel

October 2021

Beginner to intermediate

400 pages

11h 15m

English

No Starch Press

Read now

Unlock full access

Why I Wrote This BookTarget Audience and PrerequisitesScope and OrganizationConventions and Format
Digital Forensics HistoryForensic Analysis Trends and ChallengesPrinciples of Postmortem Computer Forensic AnalysisSpecial Topics in Forensics

History of LinuxModern Linux SystemsLinux DistributionsForensic Analysis of Linux Systems
Analysis of Storage Layout and Volume ManagementFilesystem Forensic AnalysisAn Analysis of ext4An Analysis of btrfsAn Analysis of xfsLinux Swap AnalysisAnalyzing Filesystem EncryptionSummary
Linux Directory LayoutLinux File Types and IdentificationLinux File AnalysisCrash and Core DumpsSummary
Traditional SyslogSystemd JournalOther Application and Daemon LogsKernel and Audit LogsSummary
Analysis of BootloadersAnalysis of Kernel InitializationAnalysis of SystemdPower and Physical Environment AnalysisSummary
System IdentificationDistro Installer AnalysisPackage File Format AnalysisPackage Management System AnalysisUniversal Software Package AnalysisOther Software Installation AnalysisSummary
Network Configuration AnalysisWireless Network AnalysisNetwork Security ArtifactsSummary
Linux Time Configuration AnalysisInternationalizationLinux and Geographic LocationSummary
Linux Login and Session AnalysisAuthentication and AuthorizationLinux Desktop ArtifactsUser Network AccessSummary
Linux Peripheral DevicesPrinters and ScannersExternal Attached StorageSummary

Content preview from Practical Linux Forensics

INDEX

A

abrt (automated bug reporting tool), 107

activation and on-demand services

concept behind, 168

D-Bus activation, 169

device activation, 171

path-based activation, 170

scheduled commands and timers, 172–175

socket activation, 168

addressing, 226–229

advanced persistent threat (APT) malware, 3

Anaconda, 190

analysis hosts, xxix

Anonymous, 3

anti-forensics, 9

AppImage, 213–215

application crash data, 107–109

application logs, 129–135

application metadata, 99

application plug-ins, 223

APT, see advanced persistent threat (APT) malware, 3

apt command, 203–206

Arch Linux, 27, 192

Arch pacman packages, 210–212

at program, 172

attached storage devices, 334–337

audit logs, 135–143

authentication and authorization, 288–303

biometric fingerprint ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Practical Linux System Administration

Kenneth Hess

Practical Windows Forensics

Ayman Shaaban, Konstantin Sapronov

Linux for Networking Professionals

Rob VandenBrink

Malware Forensics Field Guide for Linux Systems

Eoghan Casey, Cameron H. Malin, James M. Aquilina

Publisher Resources

ISBN: 9781098129781