Linux Forensics — Some Useful Artifacts

While Windows forensics is widely covered by a number of courses and articles, there are fewer resources that introduce the world of Linux forensics. I recently had an opportunity to handle a Linux-based case. Hence, this article aims to share some useful artifacts that can be used as a checklist to assist with a Linux forensics case and as a lead for further investigation.

OS forensics is the art of finding evidence/artifacts left by systems, apps and users’ activities to answer a specific question. Windows Forensics is well researched, in which there are multiple…