Linux forensic artifacts

This cheat-sheet gives incident responders, SOC analysts, and digital forensics investigators a fast reference to the most important digital forensic artifacts to collect during an investigation on a Linux system 😎👆

Find high-res pdf books with all my Linux and cybersecurity related infographics from https://study-notes.org

#linux #cybersecurity #infosec #pentesting #hacking

2025/11/18 Edited to

... Read moreHey everyone! Building on my quick cheat sheet, I wanted to dive a bit deeper into why 'forensic artifacts' are such a big deal, especially when you're looking into a Linux system after an incident. When something goes wrong, these artifacts are basically the digital breadcrumbs left behind by an attacker or a malicious process. They tell a story, and knowing where to look is half the battle! Think of it this way: every action on a computer leaves a trace. A forensic artifact is any piece of digital information that can be used to reconstruct events, identify malicious activity, or prove a breach. For Linux systems, this can range from system logs to network connection records, and even specific application data. Without understanding these, it's like trying to solve a puzzle with half the pieces missing. From my experience, two of the most critical areas are System and Kernel artifacts and File System artifacts. For system stuff, I always start with auth.log or secure.log to check for suspicious login attempts, syslog for general system messages, and dmesg for kernel-related events. You'd be surprised what you can uncover just by reviewing these! And for the file system, looking at access times (atime), modification times (mtime), and change times (ctime) of files can reveal when files were created, modified, or accessed. Don't forget ~/.bash_history for user commands – a goldmine! Then there's Network artifacts. If a system was compromised, there's almost always network activity involved. I look at netstat output (if available from a memory dump) to see active connections, or tcpdump captures if logging was enabled. /etc/resolv.conf can show DNS servers used. For User Activity, beyond bash_history, checking last or wtmp for login records, and crontab entries for scheduled tasks is crucial. Sometimes, attackers set up persistent access through cron jobs. The infographic also mentioned Application-Specific artifacts and Other Intrusion Artifacts. This is where it gets tricky, as it depends on what services are running. Web server logs (Apache, Nginx), database logs, and application-specific configuration files can hold vital clues. And don't underestimate the power of Forensic Imaging/Metadata. Always make a forensically sound image of the disk before you start poking around! Preserving the metadata, like the exact size and hash of the image, ensures the integrity of your evidence. Tools like dd or dcfldd are often used for this. My biggest tip? Act fast and document everything! The volatility of some artifacts means they can disappear quickly. Having a checklist, like the one in my infographic, really speeds things up. Remember, the goal is to collect as much information as possible without altering the original evidence. It's a challenging but incredibly rewarding field!

Related posts

An infographic titled 'Linux curl Command Examples' provides a comprehensive list of curl commands. It covers HTTP GET operations with options like user-agent and custom headers, HTTP POST/PUT operations for data and file uploads, and various file download operations including resuming and rate-limiting. Created by Dan Nanni.
Linux curl command examples
The curl command is a flexible tool that lets you send or receive data from servers using protocols like HTTP, HTTPS, FTP, and others, all from the command line Here are useful curl command examples 😎👆 #devops #opensource #software #TechTips Find high-res pdf books with all my #lin
Learn Linux with Dan

Learn Linux with Dan

7 likes

These sites saved my brain in 2025 🧠💻
1. ChatHub I used to bounce between AI platforms, copy-pasting the same prompt over and over to compare answers. With ChatHub, I can talk to multiple AIs at the same time, in one clean interface. It’s honestly my go-to whenever I’m brainstorming content, writing study scripts, or just curious whi
emilie.studygram

emilie.studygram

561 likes

A person with long dark hair and a straw hat walks through a sunny public square. Overlay text reads "CYBERSECURITY CAREER Tips to get started," introducing advice for a career in cybersecurity.
A person in a white dress walks on a path next to green bushes. Overlay text advises to "Build a Strong Technical Foundation" by learning networking basics, operating systems, and scripting languages.
People walk across a street with benches and trees in the background. Overlay text suggests to "Get Hands-On Experience" through CTF competitions, cybersecurity challenges, and setting up a home lab.
Tips for pursuing a career in cybersecurity
1. Build a Strong Technical Foundation A solid understanding of systems, networks, and programming is essential for identifying and mitigating security threats. • Learn networking basics (e.g., TCP/IP, firewalls, VPNs). • Gain familiarity with operating systems (Windows, Linux)
vedha | career tips (tech) 👩‍

vedha | career tips (tech) 👩‍

137 likes

An infographic titled 'Useful TUI Linux Software' with a Tux penguin logo. It defines TUI as Text-based User Interface for terminal environments and lists various software categorized under Disk Manager, System Monitor, Web Browser, Network Manager/Monitor, Multimedia, GPT, Git, Coding, File Manager, and Messaging.
Useful TUI software on Linux
Linux TUI (Text User Interface) software offers a user-friendly way to interact with applications directly from the terminal, using text-based menus and interfaces instead of a graphical desktop environment Here are a categorized list of useful TUI software available on Linux 😎👆 #software #o
Learn Linux with Dan

Learn Linux with Dan

4 likes

Google Sheets keyboard shortcuts
Google Sheets is a cloud based spreadsheet tool for organizing, analyzing, and sharing data online. Keyboard shortcuts make work faster and more efficient, esp when you are working with large datasets or performing frequent edits Here are useful keyboard shortcuts for Google Sheets 😎👆 Find
Learn Linux with Dan

Learn Linux with Dan

691 likes

A Linux Cheatsheet for Engineers from @thealpha.dev, listing various commands categorized into File System Operations, File Permissions, Process Management, Networking, System Information, Package Management, Shell Scripting, User and Group Management, File Transfer, and System Services. A penguin on a skateboard is at the bottom.
Linux cheat sheet✨️
Where are my tech babes at?👩🏿‍💻 This is something I'm learning in school😍 It's been super fun typing things into the command line and actually getting a response🥹💕💕💕 One of my classmates shared this cheat sheet to make using Linux easier #imdoingsomethingright #CybersecurityAwarenessMon
Deya!

Deya!

27 likes

A Linux I/O Redirection cheat sheet created by Dan Nanni, detailing various shell commands for redirecting, appending, and combining standard input, output, and error streams. It includes examples like `cmd < file`, `cmd > file`, `cmd 2> file`, `cmd > file 2>&1`, and `cmd <<< "string"` with their corresponding descriptions.
Linux I/O redirection cheat sheet
Here is a concise reference of Linux shell operators for redirecting, appending, and combining standard input, output, and error streams 😎👇 Find high-res pdf ebooks with all my Linux related infographics at https://study-notes.org #linux #sysadmin #infosec #devops #softwareengine
Learn Linux with Dan

Learn Linux with Dan

6 likes

These 5 websites feel illegal to know!
#gettoknowme
Useful AI Websites & Tutorials

Useful AI Websites & Tutorials

38 likes

A Linux watch command cheatsheet created by Dan Nanni, listing various commands to monitor system metrics in real-time. Examples include tracking CPU/memory usage, disk space, log file growth, network activity, and system errors, with refresh intervals specified.
Linux watch command cheatsheet
Ever wish you could just run a command and keep seeing it update automatically as things change? That is exactly what the watch command does on Linux Here are useful examples of the watch command 😎👆 Find high-res pdf ebooks with all my Linux related infographics at https://study-notes.org
Learn Linux with Dan

Learn Linux with Dan

4 likes

This image displays a comprehensive list of useful Wireshark filter examples. It includes filters for IP addresses, ports, protocols like TCP, UDP, HTTP, DNS, TLS, DHCP, and packet properties such as length and content. The infographic was created by Dan Nanni from study-notes.org.
Useful Wireshark filter examples
Wireshark filters cut through the noise so you can focus on the traffic that matters: protocols, IPs, ports, or even packet contents. For blue teams, they help track suspicious activity and investigate forensic evidence. For red teams, they help map behavior, spot weak points, and test defenses
Learn Linux with Dan

Learn Linux with Dan

2 likes

Powerful Websites
#freewebsite #website #fromsoftware #fyplemon8 #fyp
Tha Smoke Websites

Tha Smoke Websites

737 likes

Linux commands for hardware information
Knowing your hardware is essential for effective troubleshooting, system tuning, and performance optimization. That’s why it’s important to be familiar with the OS tools that let you examine different parts of your system’s hardware Here are a list of useful Linux commands for looking up hardwar
Learn Linux with Dan

Learn Linux with Dan

4 likes

Student Teaching Series: What to bring to student teaching!! Please let me know if you guys have ANY questions and I will do my best to make videos over the next couple weeks for you. I’m an open book and would LOVE to pass on anything I’ve learned. ☺️ #teachersoftiktok #middleschoolteacher
Kelly Having

Kelly Having

6 likes

DebianLinux

DebianLinux

4 likes

HOW TO CATCH A CHEATER
MORGANCYBERHELP

MORGANCYBERHELP

15 likes

Cave Dwellers Built the First Data Center
When your ancestors were running Linux before fire was invented. Stone age server farms hit different. #midjourney #cavecore #techno #ancient #cyberpunk
HalluciNEET 9000

HalluciNEET 9000

2 likes

🛑 Stop paying for Photoshop or struggling with Canva limitations… 🎯 GIMP is the free design software I teach all my students to use—and it works like a charm for custom products. 👩🏽‍💻 In this quick tutorial, I’ll show you exactly how to download it, set it up, and pin it to your desktop so you’r
www.DesigningMadeEasy.com

www.DesigningMadeEasy.com

14 likes

An infographic titled 'Linux /proc Filesystem' by Dan Nanni, listing various /proc entries and their functions. It details how to access real-time system information, including CPU, memory, network, disk I/O, kernel, and process-specific data, presented with folder icons on a dark background.
Linux /proc filesystem
The /proc filesystem in Linux is a virtual gateway to real-time system info, from hardware stats to kernel parameters, letting you monitor and tweak your system on the fly Here are some of the most useful /proc entries 😎👆 #TechTips #software #softwaredeveloper Find high-res pdf books
Learn Linux with Dan

Learn Linux with Dan

5 likes

Useful sysdig command examples
Sysdig is one of those hidden gem tools that shows exactly what your Linux system is doing in real time — system calls, containers, network traffic, file access — everything, no guessing. Here are useful sysdig command examples 😎👆 Find high-res pdf ebooks with all my cybersecurity related inf
Learn Linux with Dan

Learn Linux with Dan

5 likes

A ranked list of the top 20 Linux-related GitHub projects, including their repository names, star counts, fork counts, and brief descriptions. Projects range from the Linux kernel to command-line tools, editors, and system monitors. The infographic is credited to Dan Nanni and study-notes.org.
Top Linux-related GitHub projects
As a Linux fan, I’m always curious which open-source Linux projects are getting the most attention on GitHub Here are some of the big ones 😎👆 Did I miss anything important? Find high-res pdf ebooks with all my Linux related infographics at https://study-notes.org #linux #github #op
Learn Linux with Dan

Learn Linux with Dan

3 likes

An infographic titled 'Linux Commands for Hardware Info' by Dan Nanni, listing various Linux commands and their functions for checking hardware components like CPU, memory, storage, network, display, and peripherals, along with system information.
Linux commands for hardware information
Here are useful Linux commands for looking up hardware information such as hardware vendor or model info 😎👆 #sysadmin #devops #opensource #TechTips Find high-res pdf books with all my #Linux related infographics at https://study-notes.org
Learn Linux with Dan

Learn Linux with Dan

2 likes

This image displays "Useful Linux Cron Examples," a comprehensive list of cron job schedules. It shows various cron expressions with corresponding commands and descriptions for tasks like running every minute, hourly, daily, weekly, monthly, yearly, at system startup, and more, created by Dan Nanni.
Useful Linux cron examples
Linux cron schedules recurring tasks at defined times using flexible expressions for minutes, hours, days, and months Here are useful cron job examples 😎👇 #software #softwaredeveloper #TechTips #technicalinterview Find a high-res pdf book with all my #linux related infographics fro
Learn Linux with Dan

Learn Linux with Dan

7 likes

Daytona Beach Shores, FL
edited in affinity, downscaled in GIMP on Linux Mint 22.3
tonykinflorida

tonykinflorida

3 likes

An infographic titled 'Ways to Remove Files on Linux' presents a comprehensive list of commands for deleting files and directories. It includes various `rm` commands for basic removal, `find` commands for conditional deletion based on criteria like age, size, user, or permissions, and other utilities like `unlink`, `shred`, and `trash-put`. The infographic is created by Dan Nanni from study-notes.org.
Different ways to remove files on Linux
There are various ways to remove files and directories on Linux, based on filenames, creation/access time, size, ownership, permissions, or security needs Here are useful command line examples of removing files on Linux 😎👆 #infosec #TechTips #software Find high-res pdf books with a
Learn Linux with Dan

Learn Linux with Dan

10 likes

An infographic titled 'Linux FUSE-based Filesystems' categorizes various filesystems. Categories include Remote and Cloud, Archive and Image, Encrypted and Secure, Legacy and Compatibility, and Special-Purpose and Experimental filesystems, with examples for each. The infographic was created by Dan Nanni from study-notes.org.
Useful Linux FUSE filesystems
A FUSE filesystem is a user-space filesystem built on top of the Filesystem in Userspace (FUSE) kernel module, allowing developers to implement custom storage logic without writing kernel code Here are a categorized list of Linux FUSE filesystems 😎👆 #softwareengineer #computerscience #TechT
Learn Linux with Dan

Learn Linux with Dan

4 likes

I’m Linuxvr!
#gettoknowme #gorillatag #fyp #newcontentcreator #linux
🧑‍💻🐧Linuxvr_Offical🐧🧑‍💻

🧑‍💻🐧Linuxvr_Offical🐧🧑‍💻

1 like

Ça c'est les pieds d'un français 🇫🇷 #lemon8 #lemon8fr #tiktok #tiktokfr
pierrebg2004

pierrebg2004

4 likes

DebianLinux

DebianLinux

2 likes

A list titled 'Top Linux related GitHub Projects' ranks 15 projects, including torvalds/linux and ohmyzsh/ohmyzsh, showing their GitHub repository, star count, fork count, and a brief description for each. The image was created by Dan Nanni from study-notes.org.
Most popular Linux-related GitHub projects
As an avid Linux fan, I am always curious about the most popular open-source Linux projects hosted on GitHub. Here are some of the top ones! 😎👆 Think something important is missing? Let me know! #opensource #software #coding #github Find high-res pdf books with all my #linux relate
Learn Linux with Dan

Learn Linux with Dan

10 likes

An infographic titled 'Linux /proc Filesystem' by Dan Nanni, featuring the Linux penguin mascot. It lists numerous /proc entries like /proc/cpuinfo, /proc/meminfo, and /proc/[PID]/status, detailing the system information each provides, such as CPU, memory, and process statistics.
Linux /proc filesystem
The Linux /proc filesystem is a virtual interface that exposes live system information and kernel parameters, enabling users to monitor hardware and processes and adjust kernel settings at runtime Here are a list of useful /proc entries 😎👆 #software #softwaredeveloper #computer Find
Learn Linux with Dan

Learn Linux with Dan

5 likes

An infographic details the Linux /etc/shadow file, showing its structure with fields like username, password hash, last change, min/max days, warn, inactive, expire, and reserved. It defines each column and provides examples for user 'dan' and 'sshd' accounts, explaining their password security settings.
Linux /etc/shadow file overview
On Linux, /etc/passwd stores basic user account information and was historically used for password storage. But, for security reasons, hashed passwords have been moved to /etc/shadow, which is only accessible by root Here is how to interpret the /etc/shadow file 😎👆 Find high-res pdf books wit
Learn Linux with Dan

Learn Linux with Dan

4 likes

This image displays a list of useful Linux shell aliases and functions created by Dan Nanni. It provides shortcuts for common command-line tasks like directory navigation, file management, system monitoring, process handling, network utilities, and system updates, aiming to boost productivity.
Useful Linux shell aliases and functions
Linux tip: Shell aliases or functions let you turn long or complex commands into short, memorable shortcuts — making your command-line workflow faster and cleaner Here are useful aliases and shell functions you can add to your shell configuration 😎👆 #devops #linux #productivityhacks #so
Learn Linux with Dan

Learn Linux with Dan

2 likes

Linux command chaining
Linux shells like bash and zsh make it easy to combine commands using chaining, command substitution, and process substitution, letting you run tasks in sequence, reuse command output, or connect commands more flexibly 😎👆 Find a high-res pdf ebook with all my Linux related infographics from http
Learn Linux with Dan

Learn Linux with Dan

2 likes

An infographic titled 'Understanding Linux Signals' illustrates signal sources like kernel-detected faults, system calls, and kernel subsystems. It shows how processes handle signals through default actions, custom handlers, or ignoring them. A table details common signals, their numbers, default actions, and triggering conditions.
Understanding Linux signals
“Signals” provide a lightweight mechanism for the Linux kernel and other processes to asynchronously notify a running process about events such as faults, user interrupts, or system conditions 😎👆 Find high-res pdf ebooks with all my Linux related infographics at https://study-notes.org #linu
Learn Linux with Dan

Learn Linux with Dan

8 likes

linux distro linux ricing :)
Linux Ricing #linux #computer
☬hyprland✇

☬hyprland✇

6 likes

Linux-based cybersecurity tools
Linux provides a vast ecosystem of open-source cybersecurity tools, offering solutions for penetration testing, threat detection, and secure system management Here is a categorized list of cybersecurity tools available on Linux 😎👇 #cybersecurity #infosec #linux
Learn Linux with Dan

Learn Linux with Dan

13 likes

An infographic titled 'Linux netcat Command Examples' lists various `nc` commands for network tasks like port scanning, file transfer, creating shells, and streaming. It includes commands for TCP/UDP, IPv6, and persistent listeners, credited to Dan Nanni.
Useful netcat command examples
Netcat is the Swiss army knife of networking. It lets you read and write data over TCP or UDP, and infosec folks use it all the time for things like quick port scans, grabbing service banners, or setting up reverse shells. Here are useful netstat command examples 😎👆 Find high-res pdf ebooks w
Learn Linux with Dan

Learn Linux with Dan

5 likes

Linux user management commands
Even on a single-user Linux system, having multiple user accounts is important for separating administrative tasks, securely running background services, and safely experimenting without affecting your main environment Here are essential Linux commands for user management 😎👆 #devops #softwar
Learn Linux with Dan

Learn Linux with Dan

5 likes

Business Ownership Opportunity Webinar
It's Time to Rise & Thrive in 2026. I Sierra Moore invite you to attend VIRTUALLY Live from Pittsburgh, Pennsylvania. Saturday, at 4pm PST, 6pm CST, *7pm EST. Check your time zone. Learn how you can turn your annual income into a monthly income and start making money today. Spread the word
Sierra Moore

Sierra Moore

1 like

Old bank notes
I collect also bank notes
DebianLinux

DebianLinux

8 likes

DebianLinux

DebianLinux

7 likes

A computer monitor displays a Linux Mint desktop with its distinctive logo. The screen shows numerous folders labeled with names of classic gaming systems such as Sega Genesis, Atari 2600, Gameboy, Super Nintendo, MAME Roms, Neo Geo CD, Nintendo 64, Nintendo DS, PS2, and PS3.
Linux Mint User
I don't have windows installed on my computer at all. I use Linux Mint and I absolutely love it! #linux #computer #Lemon8Diary
Robert Ramos

Robert Ramos

11 likes

Linux command chaining
POSIX-compliant Linux shells (bash, zsh, sh) support command chaining — a simple way to link multiple commands and control whether the next one runs based on success, failure, or just order of execution 😎👆 Find a high-res pdf book with all my Linux related infographics from https://study-notes.o
Learn Linux with Dan

Learn Linux with Dan

6 likes

The image illustrates how Linux cgroups manage resources like CPU, Memory, Storage I/O, and Network. It shows creating cgroups, attaching a process (PID 12345) to `cgroup3` via `/sys/fs/cgroup/cgroup3/cgroup.procs`, and defining its resource limits (e.g., 512M memory.max, 10M/5M disk I/O).
How Linux cgroups work
On Linux, cgroups control and isolate CPU, memory, and I/O per process or container—this is what makes predictable container performance possible 😎👆 Find high-res pdf ebooks with all my Linux and DevOps related infographics from https://study-notes.org #linux #docker #kubernetes #de
Learn Linux with Dan

Learn Linux with Dan

2 likes

DebianLinux

DebianLinux

87 likes

Linux terminal shortcuts
Level up your Linux skills! Terminal shortcuts make command-line work faster, from navigation to file management and quick command execution. Master them to work like a true power user Here is a summary of useful Linux terminal shortcuts 😎👆 #TechTips #softwaredeveloper #productivitytips
Learn Linux with Dan

Learn Linux with Dan

4 likes

Future Cloud/CloudSecOps Engineer 🫡✨🖥️
#Lemon8Diary #cloudengineer #techgirlie #techtok #techlife
A ꨄ

A ꨄ

20 likes

Linux lsof command examples
If I had to pick a personal favorite among lesser-known Linux commands, it would be lsof. It’s my go-to tool for discovering which files are open and which processes are using them. Since everything in Linux is treated as a file, lsof proves to be surprisingly powerful and endlessly useful Here
Learn Linux with Dan

Learn Linux with Dan

3 likes

So you want to “learn Linux”?
Here are the harsh truths nobody tells you… 🐧 Most Linux roles aren’t entry level. The CLI is mandatory. Certs don’t matter without skill. If that scared you… good. Because Linux isn’t for the weak. Still want to continue? #linux #cybersecurity #computerscience
Professor Linux

Professor Linux

1 like

Linux netcat command examples
The netcat command lets you read from and write to network connections using TCP or UDP. Its flexibility makes it a must-have for infosec professionals, who use it for tasks such as port scanning, banner grabbing, and setting up reverse shells during penetration tests. Here are useful netstat co
Learn Linux with Dan

Learn Linux with Dan

10 likes

The image explains how Linux cgroups work, illustrating resource control for CPU, Memory, Storage I/O, and Network. It shows how to create cgroups and attach a process (PID 12345) to cgroup3, detailing its defined resource limits for memory and disk I/O, along with current usage.
How Linux cgroups work
Linux cgroups let you control and isolate how much CPU, memory, and I/O each process or container can use — the foundation of modern container performance management Here is how Linux cgroups work 😎👆 #cybersecurity #devops #softwareengineer #linux #TechTips Find high-res pdf bo
Learn Linux with Dan

Learn Linux with Dan

2 likes

A list titled 'Top Cybersecurity GitHub Projects' created by Dan Nanni at study-notes.org, updated 2025/9. It features various GitHub repositories with their star counts and brief descriptions, covering cybersecurity resources, hacking tools, reverse engineering, and pentesting.
Top cybersecurity-related GitHub projects
GitHub is home to many open-source cybersecurity projects, providing security professionals with a rich toolkit for research, defense, and response Here are a list of the most popular #github repositories related to cybersecurity 😎👆 #infosec #informationsecurity #pentest Find a high-
Learn Linux with Dan

Learn Linux with Dan

29 likes

User management commands for Linux
Even on a single-user Linux system, multiple accounts keep root actions separate, run services with least privilege, and let you test things without breaking your main environment. Here are essential Linux commands for user management 😎👆 Find high-res pdf ebooks with all my Linux related info
Learn Linux with Dan

Learn Linux with Dan

2 likes

This infographic illustrates different types of ping methods, including ICMP, TCP, UDP, ARP, and HTTP. For each type, it shows the request and reply protocols, along with common Linux tools used for each ping method, such as ping, tcping, nping, arping, and httping.
Different types of ping
In networking, ping is known as a way to test network connectivity and measure RTT between devices. While ping probes typically use ICMP, alternative protocols like TCP or UDP can be used as well Here are different types of ping methods and supported #linux tools 😎👆 #software #TechTips #
Learn Linux with Dan

Learn Linux with Dan

14 likes

See more