Langbeschreibung
"A thorough resource for forensic investigators, this book covers a variety of methods and techniques for locating and analyzing digital evidence found on modern Linux systems after a security incident or cyberattack. Readers will learn how Linux works from a digital forensics and investigation perspective and how to interpret evidence using tool-independent techniques relevant to any forensic analysis platform"--
Inhaltsverzeichnis
IntroductionChapter 1: Digital Forensics OverviewChapter 2: Linux OverviewChapter 3: Extracting Evidence from Storage Devices and FilesystemsChapter 4: Directory Layout and Forensic Analysis of Linux FilesChapter 5: Investigating Evidence from Linux LogsChapter 6: Reconstructing System Boot and InitializationChapter 7: Examination of Installed Software PackagesChapter 8: Identifying Network Configuration ArtifactsChapter 9: Forensic Analysis of Time and LocationChapter 10: Reconstructing User Desktops and Login ActivityChapter 11: Forensic Traces of Attached Peripheral DevicesAfterwordAppendix A: File and Directory List for Digital Investigators