UNIX and Linux Forensic Analysis DVD Toolkit

Chapter 6. The /Proc File System

Solutions in this chapter:
Introduction

Putting It All Together

sysfs

Introduction

Previous chapters have (hopefully) driven home the importance of collecting volatile data. This chapter will help you collect arguably the most volatile data present on a UNIX system—the contents of the /proc file system. You first saw /proc in action in Chapter 3. While some of the information available from /proc can be collected via other methods, /proc is the only place you'll be able to collect some incredibly vital data.

The /proc file system is what is known as a “pseudo” or “virtual” file system, non-file data represented as a hierarchical file system that doesn't actually exist on disk. It was originally designed to ...

Get UNIX and Linux Forensic Analysis DVD Toolkit now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

UNIX and Linux Forensic Analysis DVD Toolkit by Chris Pogue, Cory Altheide, Todd Haverkos

Chapter 6. The /Proc File System

Solutions in this chapter:

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly