Hal Pomeranz · Sep 6, 2022 · 1:31 PM UTC

Hal Pomeranz

Hal Pomeranz @hal_pomeranz

6 Sep 2022

Live Linux Forensics training coming up @WWHackinFest Deadwood! Let's do some daily Linux Forensics trivia as a lead-up! wildwesthackinfest.com/deadw…

Hal Pomeranz · Oct 4, 2022 · 12:13 PM UTC

Hal Pomeranz @hal_pomeranz

4 Oct 2022

Daily Linux Forensics Trivia #29 - You are given a disk image of a Linux system. How do you determine which distro and version it is?

Hal Pomeranz · Oct 5, 2022 · 12:46 PM UTC

Hal Pomeranz @hal_pomeranz

5 Oct 2022

Trivia Answer #29 - Shout out to @Grabbi_it for chiming in with the answer. Mount your evidence and look at /etc/os-release, which should be there regardless of which distro you have been given.

Hal Pomeranz · Oct 5, 2022 · 12:47 PM UTC

Hal Pomeranz @hal_pomeranz

5 Oct 2022

Other distros may also have another /etc/*-release file, like /etc/lsb-release on Debian/Ubuntu or /etc/redhat-release on RHEL/Fedora/CentOS

Hal Pomeranz · Oct 5, 2022 · 12:48 PM UTC

Hal Pomeranz · Oct 5, 2022 · 12:48 PM UTC

Hal Pomeranz @hal_pomeranz

5 Oct 2022

Some folks suggested looking at /etc/issue or /etc/motd. While these files often contain the distro/version info, they are also just as likely to have been edited and contain a site-specific message without the OS information.

Oct 5, 2022 · 12:48 PM UTC