Summary: | Digital forensics is a crucial discipline in the field of cybersecurity, involving the systematic examination of electronic devices to uncover, analyze, and preserve digital evidence for investigative purposes. In this context, Linux, as an operating system, presents unique challenges and opportunities for forensic investigators. Linux forensic analysis requires a deep understanding of its distinctive commands, file systems, and log files, which serve as primary sources for tracing and understanding security incidents. This paper delves into the fundamentals of digital forensics and explores the specific nuances of Linux forensic analysis. We highlight common Linux artifacts that play a pivotal role in investigations, shedding light on their significance. To enhance the efficiency of forensic investigations, we propose the development of an extraction tool. This tool aims to automate the retrieval of Linux artifacts, providing investigators with a streamlined and systematic approach to data collection. By creating a bridge between the intricacies of Linux systems and the needs of forensic investigators, this extraction tool is poised to contribute significantly to the advancement of Linux forensic analysis. © 2023 IEEE.
|