Linux Forensics

Location: Online

Cost: $1,095

Course Description

Linux is everywhere, running in the cloud, on cell phones, and in embedded devices that make up the “Internet of Things”. Often neglected by their owners, vulnerable Linux systems are low-hanging fruit for attackers wishing to create powerful botnets or mine cryptocurrencies. Ransomware attacks target Linux-based database systems and other important infrastructure.

As attacks against Linux become more and more common, there is an increasing demand for skilled Linux investigators. But even experienced forensics professionals may lack sufficient background to properly conduct Linux investigations. Linux is its own particular religion and requires dedicated study and practice to become comfortable.

This four-day, hands-on course is a quick start into the world of Linux forensics. Learn how to rapidly triage systems and spot attacker malware and rootkits. Learn where the most critical on-disk artifacts live and how they can help further an investigation. Rapidly process Linux logs and build a clearer picture of what happened on the system. Look at the internals of common Linux file systems and learn how to recover deleted data.

Key Takeaways

  • Linux live collection and analysis
  • Linux memory forensic techniques
  • Rapid triage for key Linux artifacts
  • Accessing complex Linux disk geometries
  • Linux log analysis
  • File system internals and deleted data recovery

Who Should Take This Course

  • Experienced forensic professionals wanting to expand their Linux knowledge
  • SOC analysts needing a stronger grounding in Linux
  • Administrators/developers defending Linux infrastructures

Audience Skill Level

This course is an introduction to Linux forensics, but not an introduction to forensics. The course assumes at least some knowledge of digital forensic methods, such as evidence acquisition. This course is heavily command-line driven, so basic familiarity with the Linux command line is helpful.

Event Details