Linux is everywhere– running in the cloud, on cell phones, and in embedded devices that make up the “Internet of Things”. Often neglected by their owners, vulnerable Linux systems are low-hanging fruit for attackers wishing to create powerful botnets or mine cryptocurrencies. Ransomware type attacks may target Linux-based database systems and other important infrastructure.
As attacks against Linux become more and more common, there is an increasing demand for skilled Linux investigators. But even experienced forensics professionals may lack sufficient background to properly conduct Linux investigations. Linux is its own particular religion and requires dedicated study and practice to become comfortable.
Instructor: Hal Pomeranz
Course Length: 16 Hours
Tuition: $575 USD
This page is for the On-Demand version of this course. Please check our Live Events Calendar for any live presentations of this class currently scheduled.
This 16-hour, hands-on course is a quick start into the world of Linux forensics. Learn how to use memory forensics to rapidly triage systems and spot attacker malware and rootkits. Learn where the most critical on-disk artifacts live and how they can help further an investigation. Rapidly process Linux logs and build a clearer picture of what happened on the system.
- Acquiring and analyzing Linux memory
- Accessing complex Linux disk geometries
- Rapid triage for key Linux artifacts
- Linux log analysis
Who Should Take This Course
- Experienced forensic professionals wanting to expand their Linux knowledge
- SOC analysts needing a stronger grounding in Linux
- Administrators/developers defending Linux infrastructures
Audience Skill Level
This course is an introduction to Linux forensics, but not an introduction to forensics. The course assumes at least some knowledge of digital forensic methods, such as evidence acquisition. This course is heavily command-line driven, so basic familiarity with the Linux command-line is helpful.
- High-speed Internet access
- A BitTorrent client for downloading course materials (e.g., Transmission https://transmissionbt.com/download/)
- A computer with at least 150GB of free space and capable of running a 64-bit VMware virtual machine using 4GB of RAM
What Each Student Should Bring
A properly configured computer and natural curiosity!
About Our On-Demand Courses…
Learn at your own pace with access to course content, lectures, and demos in the Antisyphon On-demand learning platform. Many courses are offered with lifetime access to the course and content updates. On-demand courses include content update alerts, access to dedicated support channels in the Antisyphon Discord server, a certificate of completion, and complimentary access to the Antisyphon Cyber Range*.
* Cyber Range access and other course features may vary from course to course. See the specific details for each course on its registration page.
Trainer & Author
Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has spent more than thirty years providing pragmatic Information Technology and Security solutions for some of the world’s largest commercial, government, and academic institutions.