Submitting Campus

Daytona Beach

Department

Security Studies & International Affairs

Document Type

Book Chapter

Publication/Presentation Date

2005

Abstract/Description

As Linux-kernel-based operating systems proliferate there will be an inevitable increase in Linux systems that law enforcement agents must process in criminal investigations. The skills and expertise required to recover evidence from Microsoft-Windows-based systems do not necessarily translate to Linux systems. This paper discusses digital forensic procedures for recovering evidence from Linux systems. In particular, it presents methods for identifying and recovering deleted files from disk and volatile memory, identifying notable and Trojan files, finding hidden files, and finding files with renamed extensions. All the procedures are accomplished using Linux command line utilities and require no special or commercial tools.

Publication Title

Advances in Digital Forensics

DOI

https://doi.oeg/10.1007/0-387-31163-7_19

Publisher

IFIP/Springer

Additional Information

Dr. Craiger was not affiliated with Embry-Riddle Aeronautical University at the time this paper was published.

Scholarly Commons Citation

Craiger, P. (2005). Recovering Digital Evidence From Linux Systems. Advances in Digital Forensics, (). https://doi.oeg/10.1007/0-387-31163-7_19

Download

Included in

Forensic Science and Technology Commons

COinS

Publications

Recovering Digital Evidence From Linux Systems

Submitting Campus

Department

Document Type

Publication/Presentation Date

Abstract/Description

Publication Title

DOI

Publisher

Additional Information

Scholarly Commons Citation

Included in

Search

Browse

Author Corner

Links

Publications

Recovering Digital Evidence From Linux Systems

Authors

Submitting Campus

Department

Document Type

Publication/Presentation Date

Abstract/Description

Publication Title

DOI

Publisher

Additional Information

Scholarly Commons Citation

Included in

Share

Search

Browse

Author Corner

Links