-
Book Overview & Buying
-
Table Of Contents
Digital Forensics Cookbook
By :
The following steps outline a practical approach to analyzing Linux systems by focusing on common artifacts that help establish user activity, system configuration, and investigative context.
These artifacts help determine which user accounts exist, which users may have administrative privileges, the system hostname and distribution/version, default user environments and login shells, and whether service accounts or unusual users were present.
/etc/passwd
/etc/shadow
/etc/group
/etc/hostname
/etc/hosts
/etc/os-release
These artifacts help determine successful logins, failed login attempts, SSH access activity, session durations, and possible brute-force or unauthorized access attempts.
/var/log/auth.log