
Bruce Nikkel 1_3_linux_as_platform.pdf


Flashcard set details

Cards 7
Language English
Category Computer science
Level University
Created / Updated 20.06.2019 / 02.07.2021
Licensing Not specified
Web link
https://card2brain.ch/box/20190620_bruce_nikkel_13linuxasplatform_pdf

What are the advantages of FOSS (free and open source software) forensics?

Advantages:

  • No license fees or usage cost
  • Transparency, can review source code
  • Can modify / fix (you have the source)
  • Scripting and automation
  • Good for learning and research
  • Community support can be great

Disadvantages:

  • Community support can be horrible
  • Poor compatibility with proprietary file formats
  • Not always easy to use (lots of command line)
  • Poor documentation
  • Volunteer projects might be abandoned
  • No guarantee: "as is", "use at your own risk"

What are some of the common shells used today, and what can you do in the shell?

Common shells used today:

  • bash - most popular
  • zsh - highly customizable
  • ksh, csh, Bourne(sh) - more traditional UNIX
  • busybox - emergency shell

You can do a lot in a shell:

  • Execute user commands or shell scripts
  • Manage files and processes
  • Network and system administration
  • Terminal-based applications
  • Many GUI programs are just shell frontends


Name 3 file descriptors.

  • stdin - input (0), data into a program
  • stdout - output (1), data from a program
  • stderr - error (2), error/debug data from a program

Name 4 operators which can be used to redirect data into and out of a program.

  • ">" send data from a program to a file (create the file if needed)
  • ">>" append data from a program to a file (create the file if needed)
  • "<" send data from a file to a program
  • "|" send data from a program to another program (pipe)

Name 4 different commands to list hardware.

  • lsusb - displays information about USB buses in the system and the devices connected to them.
  • lspci - displays information about the PCI buses in the system and the devices connected to them.
  • lshw (lshw -businfo) - is a small tool to extract detailed information on the hardware configuration of the system.
  • lsblk - lists information about all available or the specified block devices.

A block device is a computer data storage device that supports reading and (optionally) writing data in fixed-size blocks, sectors, or clusters.

What devices can be found in /dev?

  • SATA and SCSI disks are /dev/sda, /dev/sdb, /dev/sdc, ...
  • NVMe disks are /dev/nvme0n1, /dev/nvme1n1, ...
  • MMC cards are /dev/mmcblk0, /dev/mmcblk1, ...
  • Tapes are /dev/st0, /dev/nst0, /dev/st1, ...

Partition numbers are appended to the raw device name:

  • /dev/sda1, /dev/sda2, ...

What tools can be used for digital forensics? (Types of tools, not specific names.)

  • Tools developed for forensic acquisition/analysis (like TSK)
  • Troubleshooting and diagnostic tools
  • Hacking and pentest tools
  • Tools for repairing corrupt files
  • Tools for extracting or converting data
  • Tools for debugging and tracing code
  • Tools for disassembling and decompiling code
  • Tools for searching (grep)