analyzing-linux-system-artifacts

Featured

Examine Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover evidence of compromise or unauthorized activity.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Analyzing Linux System Artifacts ## When to Use - When investigating a compromised Linux server or workstation - For identifying persistence mechanisms (cron, systemd, SSH keys) - When tracing user activity through shell history and authentication logs - During incident response to determine the scope of a Linux-based breach - For detecting rootkits, backdoors, and unauthorized modifications ## Prerequisites - Forensic image or live access to the Linux system (read-only) - Understanding of Linux file system hierarchy (FHS) - Knowledge of common Linux logging locations (/var/log/) - Tools: chkrootkit, rkhunter, AIDE, auditd logs - Familiarity with systemd, cron, and PAM configurations - Root access for complete artifact collection ## Workflow ### Step 1: Mount and Collect System Artifacts ```bash # Mount forensic image read-only mount -o ro,loop,offset=$((2048*512)) /cases/case-2024-001/images/linux_evidence.dd /mnt/evidence # Create collection directories mkdir -p /cases/case-2024-001/linux/{logs,config,users,persistence,network} # Collect authentication logs cp /mnt/evidence/var/log/auth.log* /cases/case-2024-001/linux/logs/ cp /mnt/evidence/var/log/secure* /cases/case-2024-001/linux/logs/ cp /mnt/evidence/var/log/syslog* /cases/case-2024-001/linux/logs/ cp /mnt/evidence/var/log/kern.log* /cases/case-2024-001/linux/logs/ cp /mnt/evidence/var/log/audit/audit.log* /cases/case-2024-001/linux/logs/ cp /mnt/evidence/var/log/wtmp /cases/case-2024-001/linux/logs/ cp /mnt/e...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

performing-linux-log-forensics-investigation

Perform forensic investigation of Linux system logs including syslog, auth.log, systemd journal, kern.log, and application logs to reconstruct user activity, detect unauthorized access, and establish event timelines on compromised Linux systems.

12,642 Updated today
mukul975
DevOps & Infrastructure Featured

analyzing-persistence-mechanisms-in-linux

Detect and analyze Linux persistence mechanisms including crontab entries, systemd service units, LD_PRELOAD hijacking, bashrc modifications, and authorized_keys backdoors using auditd and file integrity monitoring

12,642 Updated today
mukul975
AI & Automation Featured

investigating-ransomware-attack-artifacts

Identify, collect, and analyze ransomware attack artifacts to determine the variant, initial access vector, encryption scope, and recovery options.

12,642 Updated today
mukul975
AI & Automation Featured

performing-log-analysis-for-forensic-investigation

Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines during forensic investigations.

12,642 Updated today
mukul975
AI & Automation Featured

collecting-volatile-evidence-from-compromised-host

Collect volatile forensic evidence from a compromised system following order of volatility, preserving memory, network connections, processes, and system state before they are lost.

12,642 Updated today
mukul975