Dear Twitterverse: I'm looking for a resource (book or similar) that goes into depth on Linux file systems including transaction logs or other important logging mechanisms. Any suggestions? Something analogous to the USN or NTFS logs on Windows.
Replying to @v3rtig0
Also not clear on the context for your request. You could track file access in excessive detail using auditd on Linux, but it would have to be configured beforehand. Won’t help if you’re investigating activity that has already happened.

Nov 1, 2020 · 9:51 AM UTC

Replying to @hal_pomeranz
I’m looking for a way I can automate the collection of file system related events. I’m collecting a lot of artifacts from target systems, and I know istat is pulling the data from “somewhere”.
istat is just returning inode data, nothing else AFAIK