Division Zero (Div0). Copyright © 2011-2018

All rights reserved.

Linux Forensics (for Non-Linux Folks)

10 Jul 2012

On 10th July 2011, SANS faculty fellow and creator of SANS GIAC Linux / Unix security track - Hal Pomeranz - gave a brief presentation on "Linux forensics (for non-Linux folks)" at SANS Singapore Community Night.


Most forensics cases revolve around the Windows operating system (OS), the most common end-point machine and the one where cyber crime usually takes place. Still, the skills to investigate a Linux / Unix machine are vital, as these machines are usually used in critical systems and infrastructure.


Hal highlighted various artefacts forensics officers should look into when conducting an investigation. You can find his presentation slides here - they pretty much sum up the presentation, but he showed more during the demonstration (e.g. how looking into /var/lib/dhcp allows you to find out where the machine has been, since the DHCP client keeps a record of the networks it obtained leases from).
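As an added illustration of the /var/lib/dhcp point (example code written for this page, not from Hal's talk or slides): a small parser for ISC dhclient lease files (dhclient.leases) that lists the networks a host has joined. The lease text it reads is constructed, not a real capture.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhclient lease-file syntax (not a real capture).
SAMPLE_LEASES = """\
lease {
  interface "eth0";
  fixed-address 192.168.1.50;
  option routers 192.168.1.1;
  option dhcp-server-identifier 192.168.1.1;
  option domain-name "home.lan";
  renew 2 2012/07/10 12:00:00;
  expire 3 2012/07/11 00:00:00;
}
lease {
  interface "wlan0";
  fixed-address 10.20.30.77;
  option routers 10.20.30.1;
  option dhcp-server-identifier 10.20.30.1;
  option domain-name "conf-venue.example";
  renew 2 2012/07/10 18:30:00;
  expire 3 2012/07/11 06:30:00;
}
"""

LEASE_BLOCK = re.compile(r"lease\s*\{(.*?)\}", re.S)

def _field(body, key):
    """Return the value of `key` inside one lease body (quotes stripped), or None."""
    m = re.search(r"^\s*%s\s+(.+?);\s*$" % re.escape(key), body, re.M)
    return m.group(1).strip('"') if m else None

def _ts(value):
    """Convert 'weekday YYYY/MM/DD HH:MM:SS' to a datetime (dhclient writes UTC by default)."""
    if value is None:
        return None
    _, date, clock = value.split()
    return datetime.strptime(date + " " + clock, "%Y/%m/%d %H:%M:%S")

def parse_leases(text):
    """Return one dict per lease block, in file order (dhclient appends, so oldest first)."""
    leases = []
    for body in LEASE_BLOCK.findall(text):
        leases.append({
            "interface": _field(body, "interface"),
            "address": _field(body, "fixed-address"),
            "server": _field(body, "option dhcp-server-identifier"),
            "domain": _field(body, "option domain-name"),
            "renew": _ts(_field(body, "renew")),
            "expire": _ts(_field(body, "expire")),
        })
    return leases

def networks_seen(text):
    """Distinct (domain, DHCP server) pairs: each one is a network the host was on."""
    return sorted({(l["domain"], l["server"]) for l in parse_leases(text)})
```

On a live system the same function would be pointed at the files under /var/lib/dhcp (for example dhclient.leases or dhclient.eth0.leases), and the lease timestamps give a rough timeline of when the host was on each network.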
