Basic Steps in Forensic Analysis of Unix Systems

This Web tutorial instructs learners on forensic analysis of machines running the Unix operating system. It covers steps used for analysis and includes graphics, illustrations and references. The tutorial also provides sample Unix scripts and protocols. In addition, the materials demonstrate how to run analysis using standard Unix tools, specifically The Coroner’s Toolkit (TCT), which includes the specialized programs grave-robber, unrm, lazarus and mactime. No other course materials are available, although students are expected to have access to a Unix workstation.

Permanent link to this article: