The Linux Forensics tools you need to learn and master

🎓 MCSI Certified DFIR Specialist 🎓

💻🔎 MCSI Digital Forensics Library 🔎💻

🐧 🔎 Top 10 forensic artefacts and data sources on Linux 🔎 🐧

🐧 🧪 Setting up a lab to practice Linux Forensics 🧪 🐧

Linux forensics tools are used to help investigate cases of data breaches and system intrusions. These tools can be used to collect and analyze evidence from a variety of sources, including system logs, network traffic, and memory dumps. In many cases, these tools can be used to identify the source of an intrusion and track down the perpetrator.

In the video we will discuss the most common command-line tools and automated tools to aid in your investigations:

🧰 LiME (Linux Memory Extractor)
LiME is a forensics tool that allows investigators to collect volatile data from a suspect's computer. This data includes information such as running processes, open files, and network connections. LiME is open source and freely available, making it a valuable tool for investigators on a budget.

🧰 Linux Commands
Linux forensics commands can be used to investigate a system for evidence of criminal activity. The head and tail commands can be used to view the beginning and end of a file, respectively. The grep command can be used to search for specific text within a file. The find command can be used to locate files on a system. The sed command can be used to edit files.

🧰 Piping
Piping is the process of connecting the output of one command to the input of another command. This allows the output of one command to be used as the input for another command without having to first save the output to a file. This can be useful for quickly analyzing large amounts of data or for combining multiple commands to perform more complex tasks.

🧰 Scripting
Scripts can be used to automate the collection and analysis of forensic data on a Linux system. This simplifies and speeds up the investigation and helps ensure that all necessary data is collected.
There are many different ways to approach Linux forensics scripting, depending on the needs of the investigation. One common approach is to write a script that runs on a live system and collects data such as system and user activity, running processes, and open files. This data can then be analyzed offline to look for evidence of wrongdoing.
Another approach is to write a script that runs against a disk image of a Linux system.
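Putting the Piping and Scripting sections together, here is an added example (not code from the video or from MCSI) of a small live-response collector plus a pipeline that counts failed SSH logins per source address. The tool choices, file layout, and the sample auth.log lines (built with RFC 5737 test addresses) are my own constructions.

```shell
# Added example (not from the video): a minimal live-response collector
# plus a log-analysis pipeline. The auth.log lines are constructed samples
# (RFC 5737 test addresses); tool choice and file layout are my own.

# run_collector <name> <command...>: run a collector only if its tool is
# installed, one output file per artefact under $OUTDIR.
run_collector() {
    name="$1"; shift
    if command -v "$1" >/dev/null 2>&1; then
        "$@" > "$OUTDIR/$name.txt" 2>&1 || true   # one failing tool must not stop the run
    else
        echo "tool not available: $1" > "$OUTDIR/$name.txt"
    fi
}

# collect_live_data <outdir>: volatile data (processes, logged-in users, open
# files, network connections) written to files and hashed into a manifest.
collect_live_data() {
    OUTDIR="$1"; mkdir -p "$OUTDIR"
    date -u +%Y-%m-%dT%H:%M:%SZ > "$OUTDIR/collection_time_utc.txt"
    run_collector processes  ps -eo pid,ppid,user,lstart,cmd
    run_collector logged_in  who -a
    run_collector open_files lsof -nP
    run_collector net_conns  ss -tunap
    run_collector uptime     uptime
    # Hash every artefact so the offline analyst can prove nothing changed.
    if command -v sha256sum >/dev/null 2>&1; then H=sha256sum; else H="shasum -a 256"; fi
    ( cd "$OUTDIR" && $H *.txt ) > "$OUTDIR/MANIFEST.sha256"
}

# failed_logins_by_ip <auth.log>: piping in action. grep selects failed SSH
# logins, awk takes the address after "from", sort | uniq -c counts them, and
# the final sort ranks the noisiest sources first.
failed_logins_by_ip() {
    grep 'Failed password' "$1" \
      | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i+1) }' \
      | sort | uniq -c | sort -rn
}

SAMPLE_AUTH_LOG="$(mktemp)"   # constructed sample log, not real traffic
cat > "$SAMPLE_AUTH_LOG" <<'EOF'
Mar  3 10:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:01:05 host sshd[1201]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 10:02:11 host sshd[1210]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
Mar  3 10:03:40 host sshd[1220]: Failed password for root from 192.0.2.9 port 33333 ssh2
EOF

failed_logins_by_ip "$SAMPLE_AUTH_LOG"   # 2 203.0.113.5 / 1 192.0.2.9
collect_live_data "./evidence_$(date -u +%Y%m%d%H%M%S)"
```

Run it as root on the suspect host so `lsof` and `ss` can see every process, and copy the evidence directory together with its MANIFEST.sha256 off the machine before analysis.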

🧰 Google Rapid Response
Google Rapid Response is a set of free tools that allow law enforcement and security professionals to quickly and easily collect, preserve, and analyze digital evidence from Windows computers. The tools are designed to be used in the field and can be run from a USB drive or CD. They include a bootable forensics environment, a timeline viewer, a file viewer, and a keyword search tool. The tools are easy to use and require no prior forensics experience.

🧰 Velociraptor
Velociraptor is a powerful and easy-to-use tool that can be used to investigate a wide variety of crimes. It is particularly useful for investigating digital crimes such as hacking, cyberbullying, and child pornography. Velociraptor is able to collect a wide range of evidence including emails, chat logs, and website histories. It can also be used to create detailed reports that can be used in court.