A Linux Forensics Starter Case Study

Linux is the dominant operating system used for the millions of web servers on which the Internet is built. ZDNet reports, in fact, that 96.3% of web servers run Linux. Because of this, a large number of incidents involving web… Read more

Linux Memory Forensics: Dissecting the User Space Process Heap

by Frank Block and Andreas Dewald Abstract The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process… Read more