[Linux] DRONE expanding to multi-platform solutions

Binalyze DRONE is a remote digital forensics investigation solution that provides you with the capability to quickly understand your network by acquiring and analyzing data across all endpoints in minutes. With each release version, we are adding new improvements and…

Linux Memory Forensics: Dissecting the User Space Process Heap

by Frank Block and Andreas Dewald. Abstract: The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process…

Asking A VPS To Image Itself

by Chris Cohen. There is a Linux Virtual Private Server (VPS) that you have been tasked to collect using a forensically sound method while ensuring confidentiality, integrity and availability. You have the password for a user who has ssh access…

Linux Timestamps, Oh boy!

Timestamps are critical for analysts; they usually deal with different filesystems, and understanding how file timestamps work on each is crucial to what they do. If you do an online search for Linux timestamps, you’ll get a ton of information…

NAS Forensics Explained

by Oleg Afonin, Danil Nikolaev & Yuri Gubanov. © Belkasoft Research 2015. Network Attached Storage (NAS) have a long track history of corporate deployments. Their scaled-down versions (ranging from single-bay to four-drive enclosures) are frequently used at homes and in…

Linux ‘dd’ basics

First published March 2008. Linux dd can be a powerful and flexible tool to have in your box. You will find it installed by default on the majority of Linux distributions available today and it can be used for a multitude…