Shell Commands for Forensics
There are hundreds of shell commands, and earlier in this chapter you were given a few links to some shell tutorials. Many of those commands are basic file/directory navigation, network administration, and general commands. In this section, you are introduced to a few Linux shell commands that can be very useful in your forensic investigations.
The dmesg Command
When your system boots up, you see a lot of information telling you which processes are starting, which processes failed, what hardware is being initialized, and more. This can be invaluable to a forensic investigation. You can use the dmesg command to view all the messages that were displayed during the boot process.
The command dmesg displays ...
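As an added example (not code from the book), here is a small POSIX shell script that pulls removable-media events out of saved dmesg output and converts the seconds-since-boot stamps into epoch time. The dmesg lines are constructed sample data, and the boot time BOOT_EPOCH is an assumed value an investigator would take from the system under examination.

```shell
#!/bin/sh
# Constructed dmesg-style sample; not captured from a real system.
SAMPLE_DMESG='[    0.000000] Linux version 5.15.0-example (builder@host)
[    1.234567] sd 0:0:0:0: [sda] Attached SCSI disk
[  120.456789] usb 1-1: new high-speed USB device number 2 using xhci_hcd
[  120.789012] usb-storage 1-1:1.0: USB Mass Storage device detected
[  121.012345] sd 2:0:0:0: [sdb] Attached SCSI removable disk
[  300.111111] usb 1-1: USB disconnect, device number 2'

# Assumed boot time (epoch seconds) for the examined host.
BOOT_EPOCH=1700000000

# Keep only ring-buffer lines that record removable storage arriving or leaving.
# Argument 1: the dmesg text to scan.
storage_events() {
    printf '%s\n' "$1" |
        grep -E 'usb-storage|Attached SCSI removable disk|USB disconnect'
}

# Rewrite the leading "[ seconds.micro]" uptime stamp on each line as
# epoch seconds, given the boot time as argument 1. Reads stdin.
to_epoch() {
    awk -v boot="$1" '
        match($0, /^\[ *[0-9]+\.[0-9]+\]/) {
            # awk ignores the leading blanks when converting to a number
            stamp = substr($0, RSTART + 1, RLENGTH - 2) + 0
            rest  = substr($0, RLENGTH + 1)
            printf "%d%s\n", boot + int(stamp), rest
        }'
}

# Timeline of removable-media events with absolute timestamps.
storage_events "$SAMPLE_DMESG" | to_epoch "$BOOT_EPOCH"
```

On a live system the ring buffer is volatile and rolls over, so capture it early and save the raw output alongside the host's boot time before filtering.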