Live Linux Forensics training coming up @WWHackinFest Deadwood! Let's do some daily Linux Forensics trivia as a lead-up! wildwesthackinfest.com/deadw…
34
50
2
95
Daily Linux Forensics Trivia #23 - You find these commands in /root/.bash_history: "dd if=/dev/urandom of=/junk bs=1M; rm -rf /junk". What did these commands accomplish?
7
3
1
9
Trivia Answer #23 - Lots of responses, including @rvandenbrink, @DfirNotes, and @jtsylve. The dd command will create a file called junk that will consume all unallocated blocks and overwrite them with random data. This should obliterate any evidence in unallocated.
2
If you’re in a virtual environment that doesn’t pre-allocate disks, this also has the side-effect of increasing the storage used by your instance and making it more costly to get a forensic copy.
Sep 29, 2022 · 12:19 PM UTC
1