Commit 5c1d8a21 authored by Heiko Reese

parent 8065e97f
# KIT-CERT's Checklist for Linux Forensics
# KIT-CERT Checklist for Linux Forensics
## Preliminary Considerations
......@@ -402,6 +402,12 @@ TODO: logfiles, /etc, journald, …
*Don't* do a `shutdown` or `poweroff`! Cut the power (hold power button for
several seconds) or »force off« virtual machines.
## Offline Forensics
TODO:
* Binaries: strings, hexdump, objdump, elf*, gdb, rec (http://www.backerstreet.com/rec/rec.htm), IDAPro,…
* Logfiles: grep, sort, log2timeline, …
* Autosy, rkhunter, …
#### Authors:
* Heiko Reese <heiko.reese@kit.edu>
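Review bot: `Autosy` in the last added bullet looks like a typo for Autopsy and should be corrected, since readers will search for the tool by name. In the Binaries bullet, `elf*` is ambiguous; naming the intended tools (for example `readelf`) would make the list actionable. The bare URL inside parentheses, `(http://www.backerstreet.com/rec/rec.htm)`, can pick up the closing parenthesis when a Markdown renderer autolinks it, so wrapping it in angle brackets or using an explicit `[rec](…)` link would be safer. The three bullets also end inconsistently (`IDAPro,…` without a space versus `log2timeline, …`); pick one form.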