We've bounced from Windows to OSX and around the cloud. What we haven't done though is venture in the deep waters of Linux forensics. Today let's help out our fellow examiners who are in the trenches with few landmarks to lead their way in the linux forensics wasteland with this weeks challenge focused on Auditd.
The Prize:
$100 Amazon Giftcard
An apperance on the following week's Forensic Lunch!
The Rules:
- You must post your answer before Friday 5/15/20 7PM CST (GMT -5)
- The most complete answer wins
- You are allowed to edit your answer after posting
- If two answers are too similar for one to win, the one with the earlier posting time wins
- Be specific and be thoughtful
- Anonymous entries are allowed, please email them to dlcowen@gmail.com. Please state in your email if you would like to be anonymous or not if you win.
- In order for an anonymous winner to receive a prize they must give their name to me, but i will not release it in a blog post
On a Linux system with Auditd enabled answer the following quesitons:
1. What new data sources does Auditd create
2. What tools support the data
3. What can an examiner determine from Auditd
4. How long is the data retained for
Post a Comment