😈 How to Detect Linux Anti-Forensics Log Tampering
When forensically examining Linux systems for malicious intrusion, responders often rely on the following three artefacts to determine logins and logouts:
— /var/run/utmp – currently logged in users
— /var/run/wtmp – current, past logins and system reboot
— /var/log/btmp – bad login attempts

Of course, these artefacts are not all you can forensically investigate for malicious access; however, they will be the focus of this anti-forensics blog post.
https://www.inversecos.com/2022/06/detecting-linux-anti-forensics-log.html
#linux #log #evasion #antiforensics