Day 7

Disk & Network Forensics

6 W Questions

  • Who did it?
  • What happened?
  • When did it happen?
  • Where did it happen?
  • Why was it done?
  • How did it happen?

Linux: file IDs (inode numbers) and full timestamps

ls -lih --full-time
total 113M
1226 -rw-r--r-- 1 root   root   113M 2022-01-27 09:40:41.000000000 +0100 checkmk.deb
1442 drwx------ 2 root   root   4.0K 2022-02-11 11:21:35.821224899 +0100 ssh-TfT7oxzck4
 786 drwx------ 3 root   root   4.0K 2022-01-14 06:46:45.328189074 +0100 systemd-private-7c839f7891a9-apache2.service-RkOk6g
1234 drwx------ 3 root   root   4.0K 2021-12-25 13:16:17.976000000 +0100 systemd-private-7c839f7891a9-systemd-logind.service-5G6Qwg
1218 drwx------ 3 root   root   4.0K 2021-12-25 13:16:17.880000000 +0100 systemd-private-7c839f7891a9-systemd-timesyncd.service-ivCTng
1238 drwx------ 3 root   root   4.0K 2021-12-25 13:16:17.980000000 +0100 systemd-private-7c839f7891a9-vnstat.service-w7sGvi

sha256: 4ef47c15a85c4bf633d2a763b5c1eb34fce1a574a13e461f298ddacd8d783b59
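
Added example, not part of the original notes: a small Python parser that turns `ls -lih --full-time` output like the listing above into a UTC-ordered timeline for the "when" question. The function names are illustrative, the sample rows are copied from the listing, and the whole-second check is a triage heuristic assumed here, not something the notes state.

```python
from datetime import datetime, timezone

# Constructed sample: three rows copied from the listing above.
SAMPLE = """\
total 113M
1226 -rw-r--r-- 1 root   root   113M 2022-01-27 09:40:41.000000000 +0100 checkmk.deb
1442 drwx------ 2 root   root   4.0K 2022-02-11 11:21:35.821224899 +0100 ssh-TfT7oxzck4
1234 drwx------ 3 root   root   4.0K 2021-12-25 13:16:17.976000000 +0100 systemd-private-7c839f7891a9-systemd-logind.service-5G6Qwg
"""

def parse_listing(text):
    """Return one dict per entry of `ls -lih --full-time` output."""
    rows = []
    for line in text.splitlines():
        # Fields: inode mode links owner group size date time zone name
        f = line.split(None, 9)  # maxsplit keeps spaces inside the name
        if len(f) < 10 or not f[0].isdigit():
            continue  # skips the "total" line and blank lines
        clock, _, nanos = f[7].partition(".")
        local = datetime.strptime(f"{f[6]} {clock} {f[8]}", "%Y-%m-%d %H:%M:%S %z")
        rows.append({
            "inode": int(f[0]),
            "mode": f[1],
            "owner": f[3],
            "mtime_utc": local.astimezone(timezone.utc),  # normalise zones
            "nanos": int(nanos or 0),  # datetime only holds microseconds
            "name": f[9],
        })
    return rows

def timeline(rows):
    """Oldest first; nanoseconds break ties inside the same second."""
    return sorted(rows, key=lambda r: (r["mtime_utc"], r["nanos"]))

def whole_second(rows):
    """Names whose mtime has no sub-second part. Heuristic (assumption):
    such values are often set explicitly by a tool (archive extraction,
    download, touch) instead of by a normal write, so they merit a look."""
    return [r["name"] for r in rows if r["nanos"] == 0]

if __name__ == "__main__":
    for r in timeline(parse_listing(SAMPLE)):
        stamp = r["mtime_utc"].strftime("%Y-%m-%dT%H:%M:%S")
        print(f"{stamp}.{r['nanos']:09d}Z inode={r['inode']:<5} {r['mode']} {r['name']}")
```

The inode number stays the same when a file is renamed within one filesystem, so keeping it in each record lets entries be matched across listings taken at different times.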