Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

Ok, I Agree

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Linux

Working on the Tools and Artifact list for Linux-based Operating Systems, its coming soon.

Notable reference site:  “This new 2017 version of the LinuxLeo guide expands the exercises and content to cover some of these new tools. But more importantly it provides more of a “platform” approach to Linux, providing some introduction into the configuration and maintenance of Linux. This new version of the guide still concentrates on tools, but also tries to impart the idea that Linux is a platform that forensic examiners need to know and maintain to use effectively and safely. Read more here.” 

Test data is available GPT Partition Image (gptimage.raw.gz), Fat File System Image (fat_fs.raw), “Able2” Ext2 Disk Image , able2.tar.gz), “Able3” Ext4 Disk Image (able_3.tar.gz), Practice Log Archive (logs.v3.tar.gz), Carve Image (image_carve_2017.raw), and NTFS Image (ntfs_Pract_2017_E01.tar.gz).