Recovering digital evidence from Linux systems


Abstract

As Linux-kernel-based operating systems proliferate there will be an inevitable increase in Linux systems that law enforcement agents must process in criminal investigations. The skills and expertise required to recover evidence from Microsoft-Windows-based systems do not necessarily translate to Linux systems. This paper discusses digital forensic procedures for recovering evidence from Linux systems. In particular, it presents methods for identifying and recovering deleted files from disk and volatile memory, identifying notable and Trojan files, finding hidden files, and finding files with renamed extensions. All the procedures are accomplished using Linux command line utilities and require no special or commercial tools. © 2006 International Federation for Information Processing.

Citation (APA)

Craiger, P. (2006). Recovering digital evidence from Linux systems. IFIP International Federation for Information Processing, 194, 233–244. https://doi.org/10.1007/0-387-31163-7_19
