What are your goto Linux memory dump tools for forensics?
/dev/mem access is restricted and depends on the iomem kernel parameter (honestly I did not entirely understand when this works and when not).
github.com/Velocidex/Linpmem
github.com/504ensicsLabs/LiME
are both kernel modules, and thus need to be compiled for the specific kernel.

Is there some eBPF tool for memory dumping? Could this be made?

#Linux #Forensics #LinuxForensics #KernelModule #eBPF
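An added example, not part of the post above or of the Linpmem/LiME projects: a small shell helper that settles the "/dev/mem depends on iomem=" question by encoding the rules from the kernel's own Kconfig help (STRICT_DEVMEM, IO_STRICT_DEVMEM) and the iomem= handling in kernel/resource.c. The function names, the output format and the sample config/cmdline strings are my own; the LiME build and insmod lines follow the project's documented usage and need root plus matching kernel headers, so they are only wrapped in a function here, not executed.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread). Rules it encodes:
#   - CONFIG_STRICT_DEVMEM not set: root can read all physical RAM through
#     /dev/mem, so a plain dd of /dev/mem is a (crude) memory dump.
#   - CONFIG_STRICT_DEVMEM=y: reads of system RAM fail with EPERM (x86 returns
#     zeros for the first MiB instead). Only device/MMIO ranges stay readable.
#     iomem=relaxed does NOT reopen RAM: it only turns off the exclusivity
#     check that, with CONFIG_IO_STRICT_DEVMEM=y, also hides MMIO ranges a
#     driver currently claims. iomem=strict forces that check back on.
# Inputs are plain text, so it works on a config pulled from a disk image
# as well as on the live host.

devmem_policy() {  # $1 = kernel config text, $2 = kernel command line
  local config="$1" strict=0 io_strict=0 io_checks=0 ram mmio
  local cmdline
  cmdline=$(printf '%s' "$2" | tr '\n' ' ')   # tolerate /proc/cmdline's newline

  printf '%s\n' "$config" | grep -q '^CONFIG_STRICT_DEVMEM=y'    && strict=1
  printf '%s\n' "$config" | grep -q '^CONFIG_IO_STRICT_DEVMEM=y' && io_strict=1

  # kernel/resource.c: strict_iomem_checks defaults to 1 iff STRICT_DEVMEM;
  # iomem= overrides it, and "strict" wins if both words are present.
  io_checks=$strict
  case " $cmdline " in *" iomem=relaxed "*) io_checks=0 ;; esac
  case " $cmdline " in *" iomem=strict "*)  io_checks=1 ;; esac

  if [ "$strict" -eq 1 ]; then ram=blocked; else ram=open; fi
  if [ "$io_checks" -eq 1 ] && [ "$io_strict" -eq 1 ]; then
    mmio=idle-only            # only MMIO ranges no driver has claimed
  else
    mmio=all
  fi
  printf 'ram=%s mmio=%s\n' "$ram" "$mmio"
}

live_devmem_policy() {  # same decision for the host this runs on
  local cfg
  if [ -r "/boot/config-$(uname -r)" ]; then
    cfg=$(cat "/boot/config-$(uname -r)")
  elif [ -r /proc/config.gz ]; then
    cfg=$(zcat /proc/config.gz)
  else
    echo "no kernel config found; cannot decide" >&2
    return 1
  fi
  devmem_policy "$cfg" "$(cat /proc/cmdline)"
}

# When ram=blocked, a loadable module such as LiME is the usual route. It has
# to be built against the running kernel's headers, which is the pain point
# the post describes. Needs root, git, make and the headers; not run here.
lime_acquire() {  # $1 = output path for the dump
  local out="$1"
  git clone --depth 1 https://github.com/504ensicsLabs/LiME /tmp/LiME &&
  make -C /tmp/LiME/src &&
  insmod "/tmp/LiME/src/lime-$(uname -r).ko" "path=${out} format=lime" &&
  rmmod lime
}
```

On a stock distribution kernel `live_devmem_policy` almost always prints `ram=blocked`, which is why the poster's dd attempts against /dev/mem fail regardless of the iomem= setting; only a kernel built without CONFIG_STRICT_DEVMEM gives `ram=open`.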

Linux Artifacts: Timestamps of Last SUDO Command Execution – CyberDefNerd

If you're interested in getting into #Linux #logging and evidence collection, this is an excellent write-up from @kostastsale that compares #EVTX logs on Windows with #Auditd, #SysMon for Linux, and native Linux logging.

#DFIR #LinuxForensics #SIEM #CSIRT

https://kostas-ts.medium.com/telemetry-on-linux-vs-windows-a-comparative-analysis-849f6b43ef8e

Telemetry on Linux vs. Windows: A Comparative Analysis

In today’s highly advanced IT environments, telemetry plays a vital role in monitoring, securing, and responding to incidents. Both the Linux and Windows platforms have their own mechanisms for…

Medium
Cheatsheet: Linux Forensics Analysis - root@fareed:~#

Linux Forensic in a nutshell: Validate compromised Interviewing client/user/administrator (what, why, how, when, where, who?) Live response co...

Linux Forensics Workshop @ DFRWS USA 2023 by Ali Hadi and team. The case used involved a compromised Hadoop cluster with compromised accounts, EoP, lateral movement, & diff persistent mechanisms: https://linuxdfir.ashemery.com/Workshops/DFRWS_USA_2023/

#dfir #LinuxForensics

Linux Forensics Workshop @ DFRWS USA 2023

Everything related to Linux Forensics

LinuxForensics
TryHackMe | Cyber Security Training

TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

TryHackMe