  • $895

Investigating Linux Devices

  • Course
  • 50 Lessons
  • 365-day access

Starting with fundamental principles, Investigating Linux Devices rapidly progresses to encompass log analysis, file systems, persistence mechanisms, memory forensics, live response, and more! This course offers extensive hands-on practice and a capstone involving the analysis of a compromised system. Tailored for both beginners and seasoned professionals, it serves as an ideal resource for mastering Linux forensics!

Frequently Asked Questions

How long is this course?

Approximately 10 hours for the video content; however, there are five (5) included disk and memory images. The total time required to complete all modules/lessons and perform image analysis is estimated at 20-40 hours.

How long will I have access once I purchase the course?

365-day access is included for all courses. Enjoy a 25% discount if you re-enroll after your initial access period.

🏅 Is there a certification associated with this course?

Yes! You can earn a certification by passing the Knowledge Assessment included with every course purchase. See training.13cubed.com/certifications for details.

Are there any prerequisites?

No, this course is designed to be beginner-friendly, even if you haven't previously used Linux. If you are using a Windows device, you will need to run Linux virtual machines (provided) to follow along. Alternatively, you can use a native Linux device if you prefer.

Will new content be added?

Yes! The content will be updated to reflect any significant changes to the topics covered in this course to ensure it remains relevant over time.

Can I suggest new topics for potential inclusion in future modules/lessons?

Yes! Contact us at info@13cubed.com.

Can I obtain a certificate of completion at the end of the course?

Yes! Upon completion of the course, you will automatically receive an email with a link to download your personalized certificate.

🛒 Are bulk purchase discounts available for companies?

Course Contents

Welcome and Introduction

Welcome and Introduction

Initial Setup

Initial Setup

Introduction to Linux

History
Distros
Windows Subsystem for Linux (WSL)
Appliances
Root Directory Structure
File and Directory Permissions
Users and Groups
Shells and Command History

Linux Logs

Authentication and Security
Syslog and Kernel
Web Services
Firewalls and Proxies
auditd
Sysmon for Linux
VMware ESXi and vCenter
Miscellaneous

Linux File Systems

ext2
ext3
ext4
File System Analysis
Timestomping
Btrfs
XFS
OpenZFS

Persistence Mechanisms

init.d and systemd Services
systemd Timers and Cron Jobs
SSH Keys
Additional Techniques

Evidence Collection

dd, dcfldd, and dc3dd
Acquire Volatile Memory for Linux (AVML)
Unix-like Artifacts Collector (UAC)
Virtualized Environments

Timelining

The Sleuth Kit (TSK) fls and mactime
Plaso/Log2Timeline

Linux Memory Forensics

Installing and Configuring Volatility 3
Process Enumeration
Command History
Network Activity
Code Injection
Dumping Memory
Other Useful Plugins

Live Response

The Scenario
Walkthrough with UAC

Analyzing a Compromised System

The Scenario
Evidence Preparation
Disk Image Analysis
Memory Image Analysis

Knowledge Assessment

Knowledge Assessment