UNIX and Linux Forensic Analysis DVD Toolkit

Chapter 7. File Analysis

Solutions in this chapter:
The Linux Boot Process

System and Security Configuration Files

Log Files

Identifying Other Files of Interest

The Linux Boot Process

The first step in the Linux boot process is loading the kernel. The kernel is generally found in the /boot directory and will be referenced by the boot loader. Modern Linux distributions will usually use the Grand Unified Boot Loader (GRUB), although some (notably Slackware) will still use the Linux Loader (LILO). Both serve the same purpose: loading the kernel and initiating system boot up. Let's look at some relevant entries from a sample grub.conf file:

default=0
timeout=5

This indicates that the default grub entry that will be booted after a 5-second delay ...

Get UNIX and Linux Forensic Analysis DVD Toolkit now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

UNIX and Linux Forensic Analysis DVD Toolkit by Chris Pogue, Cory Altheide, Todd Haverkos

Chapter 7. File Analysis

Solutions in this chapter:

The Linux Boot Process

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly