I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Replying to @webjedi
Another goat meme for @RobertMLee
Daily Linux Forensics Trivia #30 - Write a "find" expression to locate directories whose names begin with a dot (".") and which are not located in a user's home directory.
Some folks suggested looking at /etc/issue or /etc/motd. While these files often contain the distro/version info, they are also just as likely to have been edited and contain a site-specific message without the OS information.
Other distros may also have another /etc/*-release file, like /etc/lsb-release on Debian/Ubuntu or /etc/redhat-release on RHEL/Fedora/CentOS
Trivia Answer #29 - Shout out to @Grabbi_it for chiming in with the answer. Mount your evidence and look at /etc/os-release, which should be there regardless of which distro you have been given.
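The answer thread above (look at /etc/os-release first, then fall back to the older distro-specific /etc/*-release files) as a small triage script. This is an added example, not code from the original posts: it assumes the evidence filesystem is already mounted read-only at a path you pass in, adds /usr/lib/os-release as a secondary location (os-release(5) permits it; that path is not mentioned in the thread), and deliberately parses the file with sed rather than sourcing it, because os-release is shell syntax and sourcing a file taken from a suspect disk would execute whatever it contains. The sample "images" at the bottom are constructed directory trees so the script runs offline.

```shell
#!/bin/sh
# Identify the distro/version of a mounted evidence image from its release files.
# Evidence is only read, never executed (no "source /mnt/evidence/etc/os-release").

# osrel_value FILE KEY: print KEY's value from a KEY=value file, quotes stripped.
osrel_value() {
    sed -n "s/^$2=//p" "$1" | head -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# identify_distro ROOT: ROOT is the mount point of the evidence filesystem.
# Prints a one-line description; returns 1 if no release file was found.
identify_distro() {
    root=${1%/}
    f="$root/etc/os-release"
    # Assumption: os-release(5) also allows /usr/lib/os-release as the fallback.
    [ -f "$f" ] || f="$root/usr/lib/os-release"
    if [ -f "$f" ]; then
        pretty=$(osrel_value "$f" PRETTY_NAME)
        if [ -n "$pretty" ]; then
            printf '%s\n' "$pretty"
        else
            printf '%s %s\n' "$(osrel_value "$f" NAME)" "$(osrel_value "$f" VERSION_ID)"
        fi
        return 0
    fi
    # Older Debian/Ubuntu layout
    if [ -f "$root/etc/lsb-release" ]; then
        osrel_value "$root/etc/lsb-release" DISTRIB_DESCRIPTION
        return 0
    fi
    # RHEL/Fedora/CentOS and other distro-specific one-line release files
    for f in "$root"/etc/redhat-release "$root"/etc/*-release; do
        [ -f "$f" ] && { head -n 1 "$f"; return 0; }
    done
    echo unknown
    return 1
}

# Constructed sample "evidence" trees (not real images) so the script runs offline.
DEMO=$(mktemp -d)
mkdir -p "$DEMO/modern/etc" "$DEMO/legacy/etc" "$DEMO/bare/etc"
cat > "$DEMO/modern/etc/os-release" <<'EOF'
NAME="ExampleOS"
VERSION_ID="1.2"
PRETTY_NAME="ExampleOS 1.2 (Sample)"
ID=exampleos
EOF
echo 'Sample Enterprise Linux release 7.9 (Core)' > "$DEMO/legacy/etc/redhat-release"

for img in modern legacy bare; do
    printf '%s: ' "$img"
    identify_distro "$DEMO/$img" || true
done
```

Run it as `identify_distro /mnt/evidence` against a real mount. The non-zero return on "unknown" lets a larger triage script notice an image whose release files were removed or never existed, which is itself worth recording.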
And while you're there take a look at their security monitoring solution for Linux-- so much more than a typical XDR solution.
Check out this fun little tool from my friends @SpyderbatInc -- a historical process and performance monitoring tool for Linux spyderbat.com/all-posts/moni…
But does @EnglishRyno love getting caught in the rain?
Replying to @bettersafetynet
Says the man with little to no sense of smell/taste…
“Our new medicine costs thousands per month, but your insurance covers it! Oh you say it’s not covered? Here’s a coupon so you can get it for $25/mo!” — Why do we keep letting this scam play out?
Hmmm, thinking I should steal this idea…
Daily Linux Forensics Trivia #29 - You are given a disk image of a Linux system. How do you determine which distro and version it is?
Trivia Answer #28 - False. XFS allocates inodes on demand, and the inode number is assigned based on the inode’s position on the disk.
Replying to @codeslack
That’s a lot of development and testing effort to just be abandoned. But whether it’s TSK or something new, we need an Open Source, cross-platform filesystem interpreter that supports common modern file systems.
Replying to @codeslack
I agree. But with funding we could pay a resource to manage the project and clear out the backlog.
The #DFIR community needs funding and resources put towards libsleuthkit. And everybody needs to share their "private" forks where they have fixed bugs and added new file systems support. Hackathon anybody?
Just wanted to mention that my Linux Forensics training is happening next week. There is still time to sign up, and class size will be small. Hope to see you there!
Live Linux Forensics training coming up @WWHackinFest Deadwood! Let's do some daily Linux Forensics trivia as a lead-up! wildwesthackinfest.com/deadw…
Daily Linux Forensics Trivia #28 - True or False: XFS inode numbers are assigned sequentially.
Shout out to @fierry137 for chiming in with the correct answer.
The only thing different about web browser artifacts on Linux is their location. $HOME/.mozilla/firefox (Firefox) and $HOME/.config/chromium (Chrome) are the usual locations on Linux. Otherwise it's the same SQLite databases, etc. Anything else would be crazy in terms of code re-use.
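The browser-artifact locations from the post above, turned into a triage loop over every home directory of a mounted image. This is an added example, not the author's code: it assumes the evidence is mounted at a path you pass in, reports only which history databases exist (the SQLite files are then examined with the same tooling as on any other OS), and adds $HOME/.config/google-chrome for Google's own Chrome build, a path the post does not mention. The directory tree at the bottom is constructed with empty placeholder files so the script runs offline.

```shell
#!/bin/sh
# Locate browser history databases under each home directory of a mounted image.

# browser_artifacts ROOT: print "user<TAB>browser<TAB>path" for each history DB.
browser_artifacts() {
    root=${1%/}
    for home in "$root"/root "$root"/home/*; do
        [ -d "$home" ] || continue
        user=${home##*/}
        # Firefox keeps one directory per profile under .mozilla/firefox;
        # places.sqlite holds history and bookmarks.
        for db in "$home"/.mozilla/firefox/*/places.sqlite; do
            [ -f "$db" ] && printf '%s\tfirefox\t%s\n' "$user" "${db#"$root"}"
        done
        # Chromium/Chrome keep History (plus Cookies, Login Data, ...) per profile
        # directory, usually "Default". google-chrome is an added path (Chrome build).
        for db in "$home"/.config/chromium/*/History "$home"/.config/google-chrome/*/History; do
            [ -f "$db" ] && printf '%s\tchromium\t%s\n' "$user" "${db#"$root"}"
        done
    done
    return 0
}

# count_artifacts ROOT: number of history databases found.
count_artifacts() {
    browser_artifacts "$1" | wc -l | tr -d ' '
}

# Constructed sample tree (empty placeholder files, not real databases).
DEMO=$(mktemp -d)
mkdir -p "$DEMO/home/alice/.mozilla/firefox/abcd1234.default-release" \
         "$DEMO/home/bob/.config/chromium/Default" \
         "$DEMO/home/carol" "$DEMO/root"
: > "$DEMO/home/alice/.mozilla/firefox/abcd1234.default-release/places.sqlite"
: > "$DEMO/home/bob/.config/chromium/Default/History"

browser_artifacts "$DEMO"
```

Paths are printed relative to the mount point so the output reads as it would on the original system. Users with no browser profile (carol here) produce no line, which is the quick way to spot who actually used a browser on the box.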