Submitting Campus

Daytona Beach

Department

Security Studies & International Affairs

Document Type

Book Chapter

Publication/Presentation Date

2005

Abstract/Description

As Linux-kernel-based operating systems proliferate, there will be an inevitable increase in Linux systems that law enforcement agents must process in criminal investigations. The skills and expertise required to recover evidence from Microsoft-Windows-based systems do not necessarily translate to Linux systems. This paper discusses digital forensic procedures for recovering evidence from Linux systems. In particular, it presents methods for identifying and recovering deleted files from disk and volatile memory, identifying notable and Trojan files, finding hidden files, and finding files with renamed extensions. All the procedures are accomplished using Linux command-line utilities and require no special or commercial tools.

Publication Title

Advances in Digital Forensics

DOI

https://doi.org/10.1007/0-387-31163-7_19

Publisher

IFIP/Springer

Additional Information

Dr. Craiger was not affiliated with Embry-Riddle Aeronautical University at the time this paper was published.
