Linux Forensics

Investigating compromised Linux servers, logs (/var/log), and bash history.

Linux Logs

Linux logs are stored in /var/log/

/var/log/auth.log - Authentication attempts

/var/log/syslog - System events

~/.bash_history - Command history