Submitting Campus
Daytona Beach
Department
Security Studies & International Affairs
Document Type
Book Chapter
Publication/Presentation Date
2005
Abstract/Description
As Linux-kernel-based operating systems proliferate there will be an inevitable increase in Linux systems that law enforcement agents must process in criminal investigations. The skills and expertise required to recover evidence from Microsoft-Windows-based systems do not necessarily translate to Linux systems. This paper discusses digital forensic procedures for recovering evidence from Linux systems. In particular, it presents methods for identifying and recovering deleted files from disk and volatile memory, identifying notable and Trojan files, finding hidden files, and finding files with renamed extensions. All the procedures are accomplished using Linux command line utilities and require no special or commercial tools.
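Two of the checks the abstract lists, finding hidden dot-files and finding files whose extension does not match their content, can be done with nothing more than POSIX shell and coreutils. The script below is an added illustration written for this page, not code from Craiger's chapter; its four-entry magic-byte table, its extension table, and the constructed sample tree are assumptions for demonstration only (a real examination would use file(1) and a full signature list).

```shell
#!/bin/sh
# Added example (not code from Craiger's chapter): two of the checks the
# abstract names, using only POSIX shell and coreutils.
#   find_hidden DIR      - lists dot-files (the usual "hidden file" trick)
#   find_mismatches DIR  - lists files whose leading bytes (magic) disagree
#                          with what their extension claims
# The magic table and extension table below are assumptions for illustration.

# magic_type FILE: classify a file by its first four bytes.
magic_type() {
  sig=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
  case "$sig" in
    ffd8ff*)  echo jpeg ;;
    89504e47) echo png ;;
    504b0304) echo zip ;;
    7f454c46) echo elf ;;
    *)        echo unknown ;;
  esac
}

# ext_type NAME: the type the file name's extension claims, or "none".
ext_type() {
  base=${1##*/}
  case "$base" in
    *.jpg|*.jpeg|*.JPG) echo jpeg ;;
    *.png|*.PNG)        echo png ;;
    *.zip|*.docx|*.jar) echo zip ;;
    *.so|*.elf)         echo elf ;;
    *)                  echo none ;;
  esac
}

# find_hidden DIR: every regular file whose name starts with a dot.
find_hidden() {
  find "$1" -type f -name '.*' | sort
}

# find_mismatches DIR: files with a recognised signature that the
# extension does not account for (e.g. an ELF binary saved as notes.txt).
find_mismatches() {
  find "$1" -type f | sort | while IFS= read -r f; do
    m=$(magic_type "$f")
    e=$(ext_type "$f")
    if [ "$m" != unknown ] && [ "$m" != "$e" ]; then
      printf '%s: extension says %s, magic says %s\n' "$f" "$e" "$m"
    fi
  done
}

# make_sample DIR: constructed sample tree (not real evidence) for a dry run.
make_sample() {
  mkdir -p "$1/docs" "$1/.cache"
  printf '\377\330\377\340JFIF'  > "$1/photo.jpg"        # genuine JPEG header
  printf '\211PNG\r\n\032\n'     > "$1/docs/report.jpg"  # PNG stored as .jpg
  printf '\177ELF\002\001\001'   > "$1/docs/notes.txt"   # ELF hidden as text
  printf 'PK\003\004'            > "$1/backup.zip"       # genuine zip header
  printf 'plain text\n'          > "$1/.cache/.secret"   # hidden dot-file
  printf 'plain text\n'          > "$1/readme"           # no extension, no magic
}

# Stand-alone dry run on a temporary directory.
tmp=$(mktemp -d)
make_sample "$tmp"
echo "hidden files:";               find_hidden "$tmp"
echo "magic/extension mismatches:"; find_mismatches "$tmp"
rm -rf "$tmp"
```

Run it against an evidence mount point (read-only) by calling `find_hidden` and `find_mismatches` on that path; only files whose signature is in the table are reported, so an unknown signature is silently skipped rather than flagged.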
Publication Title
Advances in Digital Forensics
DOI
https://doi.org/10.1007/0-387-31163-7_19
Publisher
IFIP/Springer
Scholarly Commons Citation
Craiger, P. (2005). Recovering Digital Evidence From Linux Systems. Advances in Digital Forensics, (). https://doi.org/10.1007/0-387-31163-7_19
Additional Information
Dr. Craiger was not affiliated with Embry-Riddle Aeronautical University at the time this paper was published.