In this course, students will learn how to work on Linux as an advanced user. They will learn and understand the Linux file system tree and get an introduction to the shell and how to interact with the OS.
The fdisk options and disk operations will be detailed. We will then get an overview of system monitoring and dive into the different filesystems we may encounter on Linux.
We will move on to the definition of a process and to user and group account management in Linux. After covering the package management system and the package installer, we will move on to Linux encryption and how to deal with an encrypted disk.
The RAID and LVM options will be detailed, followed by kernel options configuration and services. We will then go deep into network configuration and the firewalling options.
We will take a detailed look at the system startup and shutdown processes and at how to handle a system that can no longer boot.
We will then explore in depth the process of acquisition and mounting, and focus on the dedicated artifacts you can find on Linux.
The specific Linux artifacts are covered in chapter 20, along with all the functionality needed to investigate logs (awk / sed / grep). The course finishes with the memory forensics part: working with Volatility and capturing RAM on a Linux system.