Linux forensics

Course Level: Basic, Intermediate, Advanced

  • 2-5 days
  • Certificate
  • Location - Worldwide
  • Price on request

This course will provide participants with knowledge of the Linux operating system, how it compares with the Microsoft Windows operating system, Linux distributions, basic commands, and the system environment and variables. Participants will learn how to perform basic forensic steps and how to collect and properly analyse data used under the Linux operating system, covering topics such as file system basics, file system acquisition, user accounts and user login history. There are three levels of this course: basic, intermediate and advanced. All levels include different hands-on exercises.

Basic Course

The course will cover essential components and main areas of the operating system (Linux kernel essentials, service startup, scheduled jobs, processes). Moreover, participants will learn about the concepts of forensic analysis of Linux-based systems: retrieving operating system details and describing the system setup, including review of the system environment, users of the system, and protected areas (jails, sandboxes).

Prerequisites
There are no Linux-specific knowledge prerequisites, but participants should have basic computer skills and knowledge of how computers and networks work. Participants should also have basic digital forensic skills and knowledge.

Intermediate Course

This course is a follow-up to the Linux Forensics basic course. It addresses more advanced topics such as networking, TCP/IP essentials, Wireshark, client/server ‘protocol pollution’, Web server, PKI and OpenVPN. The course will cover essential components and main areas of the operating system (Linux Kernel essentials, Service startup, Scheduled jobs, Processes). Participants will understand how the internals of Linux work, how it is configured and managed, and how Linux services are provided. Basic ideas of embedded Linux will be presented as well.

Prerequisites
To get the most from this course, participants should have taken the Linux Forensics Basic course and have knowledge of networking and the essential principles of digital forensics.

Advanced Course

In the Linux advanced course, participants will learn about the concepts of forensic analysis of Linux-based systems: retrieving operating system details and describing the system setup, including review of the system environment, users of the system, and protected areas (jails, sandboxes). All previously gained knowledge will be brought to a higher level and all the artefacts will be analysed.

Prerequisites
To participate in this course, participants should have passed the Linux Basic and Intermediate courses and be comfortable and conversant with all materials included and presented in those courses.
