linux_shortcuts2

Question 1

chkrootkit

Answer 1

Check security settings of the system for anomalies.

Question 2

daemon.lof

Answer 2

running services, such as squid and ntpd

Question 3

dd

Answer 3

command helps create backups and restore MBR.

Question 4

dd command

Answer 4

In UNIX/Linux, the dd command helps create backups and restore MBR.

Question 5

df

Answer 5

command helps determine amount of disk space used and free disk space on the mounted qewfile systems on a Linux system

Question 6

df

Answer 6

command retrieves data pertaining to the amount of disk space used and free disk space on the mounted systems.

Question 7

dmesg

Answer 7

Displays kernel ring buffers or information about device drivers loaded into the kernel.

Question 8

dpkg.log

Answer 8

Package installation or removal logs

Question 9

fls/fls -i

Answer 9

command to list the files and directories available in an image file

Question 10

history

Answer 10

Lists the Bash’s log of the typed commands.

Question 11

hostname

Answer 11

command to view the current system name and DNS of a Linux machine, can also be useful while examining logs and network traffic.

Question 12

ifconfig

Answer 12

This tool is used to check if a network interface has been set to promiscuous mode.

Question 13

istat

Answer 13

Use istat command to display the metadata of a file, such as MAC times, file size, and file access permissions, by specifying a particular inode number.

Question 14

kern.log

Answer 14

Initialization of kernels, kernel errors or informational messages sent from the kernel

Question 15

last

Answer 15

Investigators should also check the contents of the /var/log/wtmp file to pull out information regarding system boot time, user login history etc. They can use the last command to view user login history and other related details.

Question 16

LiME

Answer 16

Tool used in the acquisition of RAM dumps in a Linux machine.

Question 17

lpr.log

Answer 17

printer logs

Question 18

lsmod

Answer 18

command to determine the status of modules loaded in the Linux Kernel.

Question 19

lsof

Answer 19

List open files, retrieves info on all active processes

Question 20

mmls

Answer 20

The Sleuth Kit command can help investigators view the detailed partition layout for the GPT disk, along with the MBR details.

Question 21

mount

Answer 21

command displays information related to the mounted file systems on Linux

Question 22

nbtscan

Answer 22

is a program for scanning IP networks for Net BIOS name information. Sens a Net BIOS status query to each address in the supplied range and lists the received information in a m human0readable form

Question 23

nc -l

Answer 23

Netcat tool for guiding local machine to start listening to TCP connections.

Question 24

netstat -p

Answer 24

Lists PID/Program name

Question 25

netstat

Answer 25

A TCP/IP troubleshooting utility that displays statistics and the state of current TCP/IP connections. It also displays ports, which can signal whether services are using the correct ports.

Question 26

nmap -sT localhost

Answer 26

To identify TCP ports that are open and obtain information on them.

Question 27

nmap -sU localhost

Answer 27

To identify UDP ports that are open and obtain information on them.

Question 28

Portable Document Format (PDF)

Answer 28

files can also contain metadata such as name of the author, the date when file was created

Question 29

Prefetch

Answer 29

When a user installs an application, runs it, and deletes it, traces of that application can be found in this directory

Question 30

PsList

Answer 30

displays basic information about the already running processes on a system, including the amount of time each process has been running (in both kernel and user modes).

Question 31

rkhunter

Answer 31

command lists hidden directories or suspicious file types under /dev directory.

Question 32

RP.log Files

Answer 32

file located within the restore point (RPxx) directory

Question 33

wtmp log file

Answer 33

command pulls the login history from the _____________ file.