Investigating Linux Devices
Buy now
Learn more
Welcome and Introduction
Welcome and Introduction
Initial Setup
Initial Setup
Introduction to Linux
History
Distros
Windows Subsystem for Linux (WSL)
Appliances
Root Directory Structure
File and Directory Permissions
Users and Groups
Shells and Command History
Linux Logs
Authentication and Security
Syslog and Kernel
Web Services
Firewalls and Proxies
auditd
Sysmon for Linux
VMware ESXi and vCenter
Miscellaneous
Linux File Systems
ext2
ext3
ext4
File System Analysis
Timestomping
Btrfs
XFS
OpenZFS
Persistence Mechanisms
init.d and systemd Services
systemd Timers and Cron Jobs
SSH Keys
Additional Techniques
Evidence Collection
dd, dcfldd, and dc3dd
Acquire Volatile Memory for Linux (AVML)
Unix-like Artifacts Collector (UAC)
Virtualized Environments
Timelining
The Sleuth Kit (TSK) fls and mactime
Plaso/Log2Timeline
Linux Memory Forensics
Installing and Configuring Volatility 3
Process Enumeration
Command History
Network Activity
Code Injection
Dumping Memory
Other Useful Plugins
Live Response
The Scenario
Walkthrough with UAC
Analyzing a Compromised System
The Scenario
Evidence Preparation
Disk Image Analysis
Memory Image Analysis
Additional Content
Chaos at Cobalt
Knowledge Assessment
Knowledge Assessment
Products
Course
Section
Analyzing a Compromised System
Analyzing a Compromised System
Investigating Linux Devices
Buy now
Learn more
Welcome and Introduction
Welcome and Introduction
Initial Setup
Initial Setup
Introduction to Linux
History
Distros
Windows Subsystem for Linux (WSL)
Appliances
Root Directory Structure
File and Directory Permissions
Users and Groups
Shells and Command History
Linux Logs
Authentication and Security
Syslog and Kernel
Web Services
Firewalls and Proxies
auditd
Sysmon for Linux
VMware ESXi and vCenter
Miscellaneous
Linux File Systems
ext2
ext3
ext4
File System Analysis
Timestomping
Btrfs
XFS
OpenZFS
Persistence Mechanisms
init.d and systemd Services
systemd Timers and Cron Jobs
SSH Keys
Additional Techniques
Evidence Collection
dd, dcfldd, and dc3dd
Acquire Volatile Memory for Linux (AVML)
Unix-like Artifacts Collector (UAC)
Virtualized Environments
Timelining
The Sleuth Kit (TSK) fls and mactime
Plaso/Log2Timeline
Linux Memory Forensics
Installing and Configuring Volatility 3
Process Enumeration
Command History
Network Activity
Code Injection
Dumping Memory
Other Useful Plugins
Live Response
The Scenario
Walkthrough with UAC
Analyzing a Compromised System
The Scenario
Evidence Preparation
Disk Image Analysis
Memory Image Analysis
Additional Content
Chaos at Cobalt
Knowledge Assessment
Knowledge Assessment
4 Lessons
The Scenario
Evidence Preparation
Disk Image Analysis
Memory Image Analysis