The Introduction to Linux Forensics module covers techniques for conducting digital forensics on Linux systems, which are prevalent in enterprise servers and cloud infrastructure. This includes an in-depth overview of the steps in the forensics process, the scenarios that require an investigation, familiarity with open-source and command-line tools, the types of artifacts that are examined, and how to build a detailed timeline.
Key learning outcomes include:
  • In-depth understanding of digital forensics principles and maintaining chain of custody for Linux systems
  • How to locate and collect key Linux artifacts such as /var/log, bash history, cron jobs, and filesystem MACb timestamps
  • Practical skills with Systemd Journal, Auditd, Sysmon for Linux, AVML, and Volatility 3 for collecting evidence without tampering with it
  • Deeper understanding of how to document and present forensic findings in a clear, reproducible, and legally defensible format