Langbeschreibung
A resource to help forensic investigators locate, analyze, and understand digital evidence found on modern Linux systems after a crime, security incident or cyber attack.
Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems which have been misused, abused, or the target of malicious attacks. It helps forensic investigators locate and analyze digital evidence found on Linux desktops, servers, and IoT devices. Throughout the book, you learn how to identify digital artifacts which may be of interest to an investigation, draw logical conclusions, and reconstruct past activity from incidents. You'll learn how Linux works from a digital forensics and investigation perspective, and how to interpret evidence from Linux environments. The techniques shown are intended to be independent of the forensic analysis platforms and tools used.
Learn how to:
Inhaltsverzeichnis
IntroductionChapter 1: Digital Forensics OverviewChapter 2: Linux OverviewChapter 3: Extracting Evidence from Storage Devices and FilesystemsChapter 4: Directory Layout and Forensic Analysis of Linux FilesChapter 5: Investigating Evidence from Linux LogsChapter 6: Reconstructing System Boot and InitializationChapter 7: Examination of Installed Software PackagesChapter 8: Identifying Network Configuration ArtifactsChapter 9: Forensic Analysis of Time and LocationChapter 10: Reconstructing User Desktops and Login ActivityChapter 11: Forensic Traces of Attached Peripheral DevicesAfterwordAppendix A: File and Directory List for Digital Investigators