Lab2-Linux Forensics


www.tvtc.gov.sa

Digital Forensics
Lab2: Linux Forensics

Prepared by: Fatimah Albrahimi


Outline

• Work on the Kali Linux operating system
• Use various shell commands
• Examine Linux log files
• Collect volatile and non-volatile information


Use various shell commands

sudo dmesg
    Show the kernel ring-buffer messages, including information about device drivers.

sudo dmesg | grep -i eth0
    Show only the kernel messages about the eth0 Ethernet interface; use grep when you
    want to search for specific information about eth0.

sudo fsck -n /dev/sda1
    Check the file system for consistency and integrity and report any problem that needs
    repair. Note that -n answers "no" to every prompt, so this run only reports problems
    and does not write any change to the disk.

sudo stat /dev/sda1
    Show the status of the device file with all of its details.

ps -ef
    List all processes running on the device.

ps aux
    List all processes with their owner, start time and CPU time.

sudo mount -h
    Show the usage of the mount command; running mount with no arguments lists every
    mounted file system, including ones that are not otherwise visible to the user.

history 10
    Show only the last 10 commands the user has run.

pstree -h
    Show all processes in a tree format (-h highlights the current process).

Log Files

Linux log files are stored as plain text in the /var/log directory and its subdirectories.
There are Linux logs for everything: the system, the kernel, package managers, etc.

ls -l /var/log
    List the log files and see where each one is stored.

sudo ls -l /var/log/apache2/
    List all log files of the Apache web server.

sudo more /var/log/auth.log
    Show all authentication and authorization events in the OS, with the time of each.

cat /var/log/dpkg.log
or
cat /var/log/dpkg.log.1
    Show the package-manager log of every install and removal (the .1 file is the previous
    rotated log).


Volatile and Non-Volatile Information
• Volatile information
  • Volatile information can easily be modified or lost when the system is shut down or rebooted.
  • Collecting volatile information helps to determine a logical timeline of the security incident.
  • Volatile data reside in registers, cache and RAM.
• Non-volatile information
  • Non-volatile data remain unchanged when the system is shut down or loses power.
  • Examples: emails, Word documents and some deleted files.
  • Such data usually reside on the HDD (swap files, slack space, unallocated drive space, etc.).



Volatile Information

netstat
    Show all network information: connections and the routing table for all interfaces.

last -F
    Show every login and logout of each user, with the full date and time.

hostname
    Show the name of the computer you are using.

ifconfig
    Show the configuration of your network cards: Ethernet card, netmask, IP address, etc.

ifconfig -a
    Show more details about all interfaces on the computer, including ones that are down.

sudo lsof
    List every file that is currently open.

sudo readelf --file-header /bin/ls
    Read the details of an executable file from its ELF header.

arp
    Show the IP and hardware addresses of the devices that have communicated with this
    device on the same subnet.

ls -l /proc
    List the running processes and the kernel information exposed under /proc.

Non-Volatile Information

sudo find /etc -type f -printf '%TY-%Tm-%Td-%TT %p\n'
    List the files under /etc with the date and time each one was last modified.

sudo find /etc -type f -printf '%TY-%Tm-%Td-%TT %p\n' | sort -r
    List the same files with their modification times, sorted from the newest to the oldest.

sudo cat /var/log/auth.log
    Show all users who logged in, together with the commands they ran through sudo.

sudo chkrootkit
    Check the whole file system for known rootkit signatures and report any infected file.

ls -al /tmp
    List the temporary files, including hidden ones.

ls -lh /tmp
    List the temporary files with human-readable sizes.
