Linux Forensics

Splunk App for Sandfly Agentless Intrusion Detection for Linux Now Available

June 03, 2020

Linux Forensics, Sandfly, Splunk

We are pleased to announce the release of the Sandfly Splunk app. This . Sandfly users can now combine the powerful search and analysis…

Detecting Linux Kernel Process Masquerading with Command Line Forensics

March 31, 2020

Computer Forensics, Forensics, Linux Forensics

Linux kernel process masquerading is sometimes used by malware to hide when it is running. Let’s go over how you can unmask a piece of Linux…

How To Decloak Stealth Linux Cryptocurrency Mining Malware

December 17, 2019

Linux Forensics

Increasingly on Linux we are seeing malware deploying anti-detection and evasion tactics. In this post we’re going to go over a recent piece…

Sandfly Filescan Open Source File Entropy Scanner for Linux

November 26, 2019

Forensics, Linux Forensics, Sandfly Filescan

We’re releasing an open source tool today called . Sandfly-filescan allows Linux admins and incident responders to quickly scan for…

Basic Linux Malware Process Forensics for Incident Responders

October 01, 2019

Linux Forensics

Let’s go step-by-step and do some basic live process forensics for Linux. Today’s attack is a bind shell backdoor waiting for a connection…

Using Linux utmpdump for Forensics and Detecting Log File Tampering

August 01, 2019

Computer Forensics, Linux Forensics

In this post we’re going to show you how to use utmpdump for investigating Linux audit logs for signs of compromise. Seemingly unknown by…