Live Linux Forensics training coming up @WWHackinFest Deadwood! Let's do some daily Linux Forensics trivia as a lead-up! wildwesthackinfest.com/deadw…

Daily Linux Forensics Trivia #6 - How can you determine when a Linux system was installed?

I'm going to give @stoney27 credit on this one-- his answer was "date on the device of the root file system". Since there is no standard artifact for install date on Linux systems, the creation date on the root directory (or "/lost+found") is generally used.

Note that on some Linux distros there is an installation log that you can find under /var/log or /root. That will give you a much more exact timeline, if present.