
Advanced Forensics in Linux
This course is designed to teach advanced forensic techniques for analyzing and investigating Linux systems. It covers tools, methodologies, and techniques for gathering evidence, detecting malicious activity, performing post-mortem analysis, and understanding the nuances of Linux file systems and environments in forensic contexts.
Add a Title
Add paragraph text. Click “Edit Text” to update the font, size and more. To change and reuse text themes, go to Site Styles.
Course Duration:
24 hours
Level:
Advanced

Course Objectives
• Understand the nuances of Linux file systems (ext4, xfs, btrfs) and their forensic implications.
• Learn how to analyze and recover deleted files, investigate system logs, and analyze memory dumps.
• Gain practical experience in detecting malware, rootkits, and suspicious network behavior.
• Develop skills in using Linux-based forensic tools like Volatility, Wireshark, AIDE, and rkhunter.
• Build a timeline of events from system artifacts to perform a full forensic investigation on a compromised Linux system.
• Understand and apply legal and ethical considerations in digital forensics.
Prerequisites
• Basic understanding of Linux operating systems and command line usage.
• Familiarity with basic computer forensics and digital evidence analysis techniques.
• Experience with networking and basic knowledge of network protocols would be beneficial but not essential.
