Live Linux Forensics training coming up @WWHackinFest Deadwood! Let's do some daily Linux Forensics trivia as a lead-up! wildwesthackinfest.com/deadw…

Sep 6, 2022 · 1:31 PM UTC

34
50
2
95
Daily Linux Forensics Trivia #1 -- Name two places in the Linux file system where the file type is encoded. wildwesthackinfest.com/deadw…
1
8
6
Trivia Answer #1 — File type was originally only stored in the inode. It was later added to directory entries so that commands like “ls -F” would not have to read every inode in a directory in order to display the file type.
1
3
Load newest
Daily Linux Forensics Trivia #31 - Name three places in Linux where scheduled tasks can be configured.
5
4
7
Just to be clear, I'm looking for locations in the file system where scheduled tasks can be configured.
1
Daily Linux Forensics Trivia #32 - You find entries in an Apache web server log whose timestamps are out of chronological order. Does this mean the log has been tampered with?
3
2
Trivia Answer #32 - It is actually not uncommon to find Apache log entries out of chronological order. The log timestamps show the time the web request was received, but the log entries are not written until the web response is completed.
1
1
3
more replies
Daily Linux Forensics Trivia #33 - True or False: The only superuser account that can exist on a Linux system is the "root" account.
10
3
1
8
Trivia Answer #33 - False. Any account with UID 0 has superuser privileges, and multiple accounts with the same UID are allowed. Attackers will sometimes create additional UID 0 accounts (or change the UID of an existing account) as a back door.
1
2
more replies
Load more