Bruce Nikkel 1_3_linux_as_platform.pdf
Flashcard set details
Cards | 7 |
---|---|
Language | English |
Category | Computer science |
Level | University |
Created / Updated | 20.06.2019 / 02.07.2021 |
Licensing | Not specified |
Web link | https://card2brain.ch/box/20190620_bruce_nikkel_13linuxasplatform_pdf |
What are the advantages of FOSS (free and open source software) forensics?
Advantages:
- No license fees or usage cost
- Transparency, can review source code
- Can modify / fix (you have the source)
- Scripting and automation
- Good for learning and research
- Community support can be great
Disadvantages:
- Community support can be horrible
- Poor compatibility with proprietary file formats
- Not always easy to use (lots of command line)
- Poor documentation
- Volunteer projects might be abandoned
- No guarantee: "as is", "use at your own risk"
What are some of the common shells used today, and what can you do in the shell?
Common shells used today:
- bash - most popular
- zsh - highly customizable
- ksh, csh, Bourne shell (sh) - more traditional UNIX
- busybox - emergency shell
You can do a lot in a shell:
- execute user commands or shell scripts
- manage files, processes
- network and system administration
- terminal based applications
- many GUI programs are just shell frontends
Name 3 file descriptors.
- stdin - input (0), data into a program
- stdout - output (1), data from a program
- stderr - error (2), error/debug data from a program
Name 4 shell operators which can be used to pipe data into and out of a program.
- ">" send data from a program to a file (create file if needed)
- ">>" append data from a program to a file (create if needed)
- "<" send data from a file to a program
- "|" send data from a program to a program
Name 4 different commands to list hardware
- lsusb - displays information about USB buses in the system and the devices connected to them.
- lspci - displays information about the PCI buses in the system and the devices connected to them.
- lshw (lshw -businfo) - a small tool to extract detailed information on the hardware configuration of the system.
- lsblk - lists information about all available or the specified block devices.
A block device is a computer data storage device that supports reading and (optionally) writing data in fixed-size blocks, sectors, or clusters.
What devices can be found in /dev ?
- SATA and SCSI are /dev/sda, /dev/sdb, /dev/sdc, ...
- NVMe is /dev/nvme0n1, /dev/nvme1n1, ...
- MMC cards are /dev/mmcblk0, /dev/mmcblk1, ...
- Tapes are /dev/st0, /dev/nst0, /dev/st1
Partition numbers are appended to the raw device name:
- /dev/sda1, /dev/sda2, ...
What tools can be used for digital forensics? (type of tools not specific names)
- tools developed for forensic acquisition/analysis (like TSK)
- troubleshooting and diagnostic tools
- hacking and pentest tools
- tools for repairing corrupt files
- tools for extracting or converting data
- tools for debugging and tracing code
- tools for disassembly and decompiling code
- tools for searching (grep)