Craig Rowland from Sandfly Security discusses how to use basic Linux command line tools to do intrusion detection and digital forensics for Linux systems.
This presentation talks about how to use pre-loaded Linux tools to quickly assess a system for signs of compromise. You won’t need to load any special tools. The techniques he discusses use tools already on almost all Linux hosts.
Craig discusses how to spot common attacks, what to look for to spot suspicious activity, locating hackers, common indicators of compromise on a Linux host, and why you should look for simple forensic indicators first before worrying about Advanced Persistent Threats.
This presentation covers cyber forensics, cyber defense, and cyber attacks.
Slides are available here: https://www.sandflysecurity.com/command-line-forensics-linux-christchurch-hackercon-2017/
This presentation was given at the Christchurch Hacker Con 2017 in Christchurch, New Zealand.