Forensic Guide To Linux
Forensic Guide To Linux
I. Installation
Distributions
Installation Methods:
Installation Overview
The New 2.6 Linux Kernel
II. Linux Disks, Partitions and the Filesystem
Disks
Partitions
Using modules
Modules on Newer systems
The Filesystem
III. The Linux Boot Sequence (Simplified)
Booting the kernel
Initialization
Runlevel
Global Startup Scripts
Bash
IV. DOS / Linux Equivalent Commands
"DOS command" = Linux equivalent
Additional useful commands
File Permissions
Metacharacters
Command Hints
Pipes and Redirection
The SuperUser
V. Editing with Vi
Using Vi
Vi command summary
VI. Mounting File Systems on Disks
The Mount Command
The file system table (/etc/fstab)
VII. Linux and Forensics
Included Forensic Tools
Analysis organization
Determining the structure of the disk
Creating a forensic image of the suspect disk
Mounting a restored image
File Hash
The analysis
Making a list of all files
Making a list of file types
Viewing files
Searching unallocated and slack space for text
VIII.Common Forensic Issues
Handling large disks
Preparing a disk for the suspect image
IX. Advanced (Beginner) Forensics
The Command Line on Steroids
Fun with DD
Splitting files and images
Data Carving with dd
Carving partitions with dd
The NASA Enhanced Loopback Driver
Determining the Subject Disk Filesystem Structure
X. Advanced Forensic Tools
Sleuthkit
Autopsy
SMART for Linux
Other Advanced Linux Forensic Tools
XI. Bootable Linux Distributions
Tomsrtbt - boot from a floppy
Knoppix - Full Linux without the install
Penguin Sleuth - Knoppix with a forensic flavor
White Glove Linux - Dr. Fred Cohen
SMART for Linux - It’s bootable!
Conclusion
XI. Linux Support
Web sites to check for support:
Powered by
GitBook
XI. Linux Support
XI. Linux Support
results matching "
"
No results matching "
"