Catalogue · MOD-DEF-09

Linux Forensics

A compromised Linux server tells its story — to whoever can read it. This module teaches you Linux forensics: traces, persistence, file recovery, memory analysis.

Defence (Blue) Praticien 6 bricks 9 labs ≈ 17.5 h 5 real cases

Objectives

• Collect Linux evidence (live and image) • Analyse logs and persistence • Recover files via carving • Analyse memory and conclude

Module bricks

BRQ-DEF-045 — Linux collection (live & image) (1 lab(s))
BRQ-DEF-046 — Linux logs & persistence (journalctl) (2 lab(s))
BRQ-DEF-047 — Carving & recovery (Foremost) (1 lab(s))
BRQ-DEF-048 — Linux memory & container forensics (2 lab(s))
BRQ-DEF-049 — Anti-forensics & Linux timeline (2 lab(s))
BRQ-DEF-050 — Forensic report (1 lab(s))

Order this module View full catalogue