Daily Linux Forensics Trivia #17 - Explain this configuration from /etc/sudoers: "%wheel ALL=(ALL) ALL" [and don't forget to sign up for my 2-day Linux Forensics training at wildwesthackinfest.com/deadw…]
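A sudoers user specification reads "who, on which hosts, may run which commands as which user": in "%wheel ALL=(ALL) ALL" the leading % marks a group, the first ALL is the host list, (ALL) is the run-as user, and the last ALL is the command list. The parser below is an added example (not part of the trivia series) that pulls those fields out of a constructed sudoers excerpt and flags entries that amount to unrestricted root; the sample file, the entry names and the full_root() helper are all assumptions for illustration.

```python
import re

# Constructed sudoers excerpt for this example; not taken from any real host.
SAMPLE_SUDOERS = """\
Defaults    env_reset
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: /usr/bin/systemctl, /usr/bin/journalctl
bob     webhost=(www-data) /usr/bin/php
#includedir /etc/sudoers.d
"""

# A user specification is:  who  host = (runas_user[:runas_group]) [TAG:]... command_list
USER_SPEC = re.compile(
    r"^(?P<who>\S+)\s+"              # user, %group, +netgroup or User_Alias name
    r"(?P<host>\S+?)\s*=\s*"         # host list (ALL, a hostname, or Host_Alias)
    r"(?:\((?P<runas>[^)]*)\)\s*)?"  # optional (user[:group]); absent means runas_default
    r"(?P<rest>.*)$"                 # tags followed by the comma-separated command list
)
TAG_RE = re.compile(r"^([A-Z_]+):\s*")   # NOPASSWD:, SETENV:, NOEXEC:, ...
SKIP_PREFIXES = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")


def parse_sudoers(text):
    """Return one dict per user specification line in a sudoers file."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        # Comments, @include/#include(dir) directives and Defaults/alias lines are not
        # user specifications; an analyst follows the include directives separately.
        if not line or line.startswith(("#", "@")) or line.startswith(SKIP_PREFIXES):
            continue
        m = USER_SPEC.match(line)
        if not m:
            continue
        runas_user, runas_group = "root", None        # sudo's runas_default is root
        if m.group("runas") is not None:
            runas_user, _, grp = m.group("runas").partition(":")
            runas_group = grp or None
        rest, tags = m.group("rest"), []
        while (t := TAG_RE.match(rest)):
            tags.append(t.group(1))
            rest = rest[t.end():]
        entries.append({
            "who": m.group("who"),
            "is_group": m.group("who").startswith("%"),
            "host": m.group("host"),
            "runas_user": runas_user,
            "runas_group": runas_group,
            "tags": tags,
            "commands": [c.strip() for c in rest.split(",") if c.strip()],
        })
    return entries


def full_root(entry):
    """True when the entry lets its subject run any command as root (or anyone) on any host."""
    return (entry["host"] == "ALL"
            and entry["runas_user"] in ("ALL", "root")
            and entry["commands"] == ["ALL"])


if __name__ == "__main__":
    for e in parse_sudoers(SAMPLE_SUDOERS):
        flag = "  <-- unrestricted root" if full_root(e) else ""
        print(f"{e['who']:<8} host={e['host']} runas={e['runas_user']}:{e['runas_group']} "
              f"tags={e['tags']} cmds={e['commands']}{flag}")
```

On a real image, run it over /etc/sudoers and every file under /etc/sudoers.d (the #includedir line is only a pointer), and pay attention to NOPASSWD tags and group entries: membership in the group named after a % is what turns a line like the %wheel one into root for whoever was added to that group in /etc/group.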
Trivia Answer #16 - EXT4 uses 48-bit block addresses (with 4 KiB blocks that caps a file system at 2^48 x 4 KiB = 1 EiB). Apparently the developers were concerned that 64-bit addresses would result in file systems that were so large that they could potentially not be fsck-ed in a reasonable amount of time.
Trivia Answer #15 - The typical Syslog log timestamp is "Mon dd hh:mm:ss", e.g. "Sep 21 07:49:34" (single-digit days are space-padded, so "Sep  1 ..." has two spaces, which is why the regex allows one or more spaces). The regex "[A-Z][a-z]{2} +[0-9]+ +[0-9]+:[0-9]{2}:[0-9]{2} " matches this pattern and is effective at finding old/deleted log entries in unallocated space.
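The carving routine below is an added example (not part of the trivia series) that runs the regex above over a constructed byte buffer standing in for unallocated space, recovers the line following each hit, and drops two kinds of junk the bare regex would otherwise return: matches whose three-letter "month" is not a real month abbreviation, and lines that are not clean printable ASCII. The sample buffer, its log lines and the function name are assumptions for illustration.

```python
import re

# The trivia regex, as bytes so it can run over raw disk images / unallocated blocks.
SYSLOG_TS = re.compile(rb"[A-Z][a-z]{2} +[0-9]+ +[0-9]+:[0-9]{2}:[0-9]{2} ")
MONTHS = {b"Jan", b"Feb", b"Mar", b"Apr", b"May", b"Jun",
          b"Jul", b"Aug", b"Sep", b"Oct", b"Nov", b"Dec"}

# Constructed stand-in for a chunk of unallocated space: binary junk around two
# remnants of deleted log lines, plus one decoy that has the right shape but is not a date.
SAMPLE_UNALLOC = (
    b"\x00\x00\xffGARBAGE\x00"
    + b"Sep 21 07:49:34 host sshd[1234]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2\n"
    + b"\x00" * 16
    + b"Sep  1 23:05:07 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash\n"
    + b"\x7f\x80"
    + b"Xyz 99 9:99:99 looks like a timestamp but is not\n"
)


def carve_syslog_lines(blob, max_len=512, validate_month=True):
    """Return (offset, text) for every syslog-looking line found in blob."""
    hits = []
    for m in SYSLOG_TS.finditer(blob):
        start = m.start()
        if validate_month and blob[start:start + 3] not in MONTHS:
            continue                      # right shape, impossible month: regex alone accepts it
        end = blob.find(b"\n", start)
        if end == -1 or end - start > max_len:
            end = min(start + max_len, len(blob))   # no newline in range: take a fixed window
        line = blob[start:end]
        if all(0x20 <= b < 0x7f for b in line):     # keep only clean printable ASCII
            hits.append((start, line.decode("ascii")))
    return hits


if __name__ == "__main__":
    for offset, text in carve_syslog_lines(SAMPLE_UNALLOC):
        print(f"{offset:#010x}  {text}")
```

Against a real image the same regex works with grep -a -E on the raw device or on the unallocated blocks extracted with The Sleuth Kit's blkls; the offset reported here is the byte offset within the buffer you fed in, so map it back to the block you extracted from.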
Trivia Answer #14 - The default logrotate policy rotates weekly and keeps four old logs ("weekly" plus "rotate 4"), so you could end up with anywhere from 28 to 35 days of logs online: four rotated weeks plus up to a week in the current file.
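Whether a given system actually matches that 28-35 day window depends on /etc/logrotate.conf and the per-log overrides under /etc/logrotate.d, so the first thing to check is the effective "interval" and "rotate" for each log. The following is an added example (not part of the trivia series) that parses a constructed logrotate configuration, merges block-level settings over the global ones, and reports the minimum and maximum days of history each log should have on disk. The sample configuration, the 30-day value used for "monthly" and the function names are assumptions for illustration.

```python
# Constructed /etc/logrotate.conf for this example; not taken from a real host.
SAMPLE_LOGROTATE_CONF = """\
# see "man logrotate" for details
weekly
rotate 4
create
compress
include /etc/logrotate.d

/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

/var/log/btmp /var/log/lastlog {
    missingok
    monthly
    create 0660 root utmp
    rotate 1
}
"""

# Approximate interval lengths in days (monthly/yearly are assumptions, not exact).
INTERVAL_DAYS = {"daily": 1, "weekly": 7, "monthly": 30, "yearly": 365}


def parse_logrotate(text):
    """Return (global_settings, {log_path: block_settings}) from logrotate.conf text."""
    global_settings, per_file, block = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        if line.endswith("{"):                   # "/path [/path...] {" opens a block
            block = {}
            for path in line[:-1].split():
                per_file[path] = block           # several paths may share one block
            continue
        if line == "}":
            block = None
            continue
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        target = block if block is not None else global_settings
        if key in INTERVAL_DAYS:
            target["interval"] = key
        elif key == "rotate":
            target["rotate"] = int(value)
        else:
            target[key] = value                  # create, compress, include, missingok, ...
    return global_settings, per_file


def retention_days(settings, defaults):
    """(oldest_days, newest_days) of history expected on disk, or None if rotation is not time-based."""
    effective = {**defaults, **settings}         # block directives override global ones
    if "interval" not in effective:
        return None                              # size-based or no schedule: cannot say from time alone
    interval = INTERVAL_DAYS[effective["interval"]]
    rotated = effective.get("rotate", 0) * interval   # completed, rotated copies
    return rotated, rotated + interval           # plus up to one interval in the live file


if __name__ == "__main__":
    g, files = parse_logrotate(SAMPLE_LOGROTATE_CONF)
    print("default:", retention_days({}, g))
    for path, s in files.items():
        print(path, retention_days(s, g))
```

Read /etc/logrotate.d/* the same way (the include line points there), and remember that the real upper bound on what survives is how long ago the last rotation ran, which you can cross-check against /var/lib/logrotate/status.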
Daily Linux Forensics Trivia #14 - If the default log rotation policy has not been changed, roughly how many days' worth of logs should you expect to find on a Linux system?