linux_shortcuts2 Flashcards
CHFI certificate
chkrootkit
Check security settings of the system for anomalies.
daemon.log
running services, such as squid and ntpd
dd
command helps create backups and restore MBR.
dd command
In UNIX/Linux, the dd command helps create backups and restore MBR.
df
command helps determine the amount of disk space used and free disk space on the mounted file systems on a Linux system.
df
command retrieves data pertaining to the amount of disk space used and free disk space on the mounted systems.
dmesg
Displays kernel ring buffers or information about device drivers loaded into the kernel.
dpkg.log
Package installation or removal logs
fls/fls -i
command to list the files and directories available in an image file
history
Lists Bash's log of the typed commands.
hostname
command to view the current system name and DNS of a Linux machine, can also be useful while examining logs and network traffic.
ifconfig
This tool is used to check if a network interface has been set to promiscuous mode.
istat
Use istat command to display the metadata of a file, such as MAC times, file size, and file access permissions, by specifying a particular inode number.
kern.log
Initialization of kernels, kernel errors or informational messages sent from the kernel
last
Investigators should also check the contents of the /var/log/wtmp file to pull out information regarding system boot time, user login history etc. They can use the last command to view user login history and other related details.
LiME
Tool used in the acquisition of RAM dumps in a Linux machine.
lpr.log
printer logs
lsmod
command to determine the status of modules loaded in the Linux Kernel.
lsof
List open files, retrieves info on all active processes
mmls
The Sleuth Kit command can help investigators view the detailed partition layout for the GPT disk, along with the MBR details.
mount
command displays information related to the mounted file systems on Linux
nbtscan
is a program for scanning IP networks for NetBIOS name information. Sends a NetBIOS status query to each address in the supplied range and lists the received information in a human-readable form.
nc -l
Netcat tool for guiding local machine to start listening to TCP connections.
netstat -p
Lists PID/Program name
netstat
A TCP/IP troubleshooting utility that displays statistics and the state of current TCP/IP connections. It also displays ports, which can signal whether services are using the correct ports.
nmap -sT localhost
To identify TCP ports that are open and obtain information on them.
nmap -sU localhost
To identify UDP ports that are open and obtain information on them.
Portable Document Format (PDF)
files can also contain metadata such as the name of the author and the date when the file was created.
Prefetch
When a user installs an application, runs it, and deletes it, traces of that application can be found in this directory
PsList
displays basic information about the already running processes on a system, including the amount of time each process has been running (in both kernel and user modes).
rkhunter
command lists hidden directories or suspicious file types under /dev directory.
RP.log Files
file located within the restore point (RPxx) directory
wtmp log file
command pulls the login history from the _____________ file.