Computer Forensics

Linux Command Line Forensics and Intrusion Detection Cheat Sheet

May 21, 2021

Computer Forensics, Linux Forensics, Presentation

Below is our Linux command line forensics and intrusion detection cheat sheet along with a presentation given at . These resources can help…

Detecting Linux memfd_create() Fileless Malware with Command Line Forensics

July 09, 2020

Computer Forensics, Forensics, Linux Forensics, Sandfly

A developing threat to Linux over the last several years has been the idea of fileless malware. Fileless malware is designed to inject…

Detecting Linux Kernel Process Masquerading with Command Line Forensics

March 31, 2020

Computer Forensics, Forensics, Linux Forensics

Linux kernel process masquerading is sometimes used by malware to hide when it is running. Let’s go over how you can unmask a piece of Linux…

Using Linux utmpdump for Forensics and Detecting Log File Tampering

August 01, 2019

Computer Forensics, Linux Forensics

In this post we’re going to show you how to use utmpdump for investigating Linux audit logs for signs of compromise. Seemingly unknown by…

Getting an Attacker IP Address from a Malicious Linux At Job

July 26, 2019

Computer Forensics, Linux Forensics

Attackers on Linux often try to establish persistence so they can maintain access to a host. The most common way to do this is with a cron job that…

How To Recover A Deleted Binary From Active Linux Malware

June 03, 2019

Computer Forensics, Linux Forensics

Often, Linux malware will delete itself after it starts so that file scanners and integrity checks won’t see the binary present. It also can…