Linux forensics artifacts. System logs: • /var/log/ — Checks the log.

Linux forensics artifacts When a Linux machine is compromised, these core artifacts are goldmines for uncovering evidence: Bash History: Path: ~/. The AmCache is a registry hive file that provides a wealth of information about programs that have been executed on a Windows system. Stay tuned for more to come! Test data is available GPT Partition Image (gptimage. Forensics for Linux. Apr 23, 2018 · Linux forensics is a different and fascinating world compared to Microsoft Windows forensics. The UAC collector is built around a single shell script (which is why it is portable across so many Unix type platforms), but depends on many configuration files. artifactcollector - A customizable agent to collect forensic artifacts on any Windows, macOS or Linux system; ArtifactExtractor - Extract common Windows artifacts from source images and VSCs; AVML - A portable volatile memory acquisition tool for Linux; DFIR ORC - Forensics artefact collection tool for systems running Microsoft Windows; DumpIt-. When a Linux computer is suspected to be involved in an incident, it is critical to collect network artifacts and interpret the recent networking activity that had taken place on the system. Forensics. You’ll learn how Linux works from a digital forensics and investigation perspective, and how to interpret evidence from Linux environments.