Linux Forensics

Linux Command Line Forensics and Intrusion Detection Cheat Sheet

May 21, 2021

Computer Forensics, Linux Forensics, Presentation

Below is our Linux command line forensics and intrusion detection cheat sheet along with a presentation given at . These resources can help…

Detecting and Investigating OpenSSL Backdoors on Linux

April 19, 2021

Computer Forensics, Forensics, Linux Forensics

A nightmare for security personnel on Linux is to find a backdoor operating. This means an attacker is interacting with the host in real…

Linux Malware Investigation Myth: You Don’t Need a Debugger

January 19, 2021

Linux Forensics

A big myth around investigating Linux malware is that the first tool you need is a debugger and deep knowledge of assembly to understand…

Investigating Linux Process File Descriptors for Incident Response and Forensics

January 07, 2021

Linux Forensics

Let’s talk about Linux file descriptors and how to investigate a malicious process using them. What Is a File Descriptor? Since the…

Linux Stealth Rootkit Process Decloaking Tool – sandfly-processdecloak

August 17, 2020

Linux Forensics, Rootkits

We have released a new tool called designed to decloak hidden processes from two common and easily deployed Linux Loadable Kernel Module…

Detecting Linux memfd_create() Fileless Malware with Command Line Forensics

July 09, 2020

Computer Forensics, Forensics, Linux Forensics, Sandfly

A developing threat to Linux over the last several years has been the idea of fileless malware. Fileless malware is designed to inject…
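The file-descriptor post and the memfd_create() post above both come down to reading link targets under /proc. The POSIX shell script below is an added example written for this listing, not code from Sandfly or from either post: it walks a /proc-style tree and reports any process whose /proc/PID/exe or any /proc/PID/fd/N link points at a memfd-backed object, which the kernel renders as a target beginning with `/memfd:` (normally followed by ` (deleted)`, since the anonymous file has no directory entry). The root-directory argument, the function names and the temporary tree used for testing are assumptions for illustration; on a live host you point it at /proc, ideally as root so every process's links are readable.

```shell
#!/bin/sh
# Added example (not from the Sandfly posts): hunt for memfd-backed executables
# and open memfd file descriptors by reading /proc link targets.
# Assumed convention: a memfd_create() object appears as "/memfd:<name> (deleted)".

# Classify one readlink target. Prints "memfd" for an anonymous memfd object,
# "normal" for anything else (including an unreadable or empty target).
classify_link_target() {
  case "$1" in
    /memfd:*) echo memfd ;;
    *)        echo normal ;;
  esac
}

# Walk a /proc-style tree (default /proc) and print "PID exe TARGET" for a
# memfd-backed executable and "PID fd/N TARGET" for each open memfd descriptor.
scan_proc() {
  root="${1:-/proc}"
  for pid_dir in "$root"/[0-9]*; do
    [ -d "$pid_dir" ] || continue
    pid="${pid_dir##*/}"

    # Unreadable links (other users' processes without root) yield "" -> normal.
    exe="$(readlink "$pid_dir/exe" 2>/dev/null)"
    if [ "$(classify_link_target "$exe")" = memfd ]; then
      printf '%s exe %s\n' "$pid" "$exe"
    fi

    # Dangling symlinks are expected here, so test -L as well as -e.
    for fd in "$pid_dir"/fd/*; do
      [ -e "$fd" ] || [ -L "$fd" ] || continue
      tgt="$(readlink "$fd" 2>/dev/null)"
      if [ "$(classify_link_target "$tgt")" = memfd ]; then
        printf '%s fd/%s %s\n' "$pid" "${fd##*/}" "$tgt"
      fi
    done
  done
}

# Stand-alone usage: sh memfd_scan.sh /proc
if [ "$#" -gt 0 ]; then
  scan_proc "$1"
fi
```

A hit on `exe` means the process image itself was loaded from an anonymous memfd, which is the fileless pattern the post describes; a hit only under `fd/` means the process merely holds a memfd open, which is worth a look but also occurs in legitimate software, so confirm with `cat /proc/PID/maps` and the process's command line before acting.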