Linux Forensics | Tryhackme Walkthrough

Rahul Kumar
2 min read · Apr 29, 2023

Learn about the common forensic artifacts found in the Linux Operating System file system.

System Configurations:

Ques 1: What is the hostname of the attached VM?

Ans: Linux4n6

Ques 2: What is the timezone of the attached VM?

Ans: asia/karachi

Ques 3: What program is listening on the address 127.0.0.1:5901?

Ans: Xtigervnc

Ques 4: What is the full path of this program?

Ans: /usr/bin/Xtigervnc

Persistence mechanisms:

Ques 1: In the bashrc file, the size of the history file is defined. What is the size of the history file that is set for the user Ubuntu in the attached machine?

Ans: 2000

Evidence of Execution:

Ques 1: The user tryhackme used apt-get to install a package. What was the command that was issued?

Ans: sudo apt-get install apache2

Ques 2: What was the current working directory when the command to install net-tools was issued?

Ans: /home/ubuntu

Log Files:

Ques 1: Though the machine’s current hostname is the one we identified in Task 4, the machine earlier had a different hostname. What was the previous hostname of the machine?

Ans: tryhackme

Written by Rahul Kumar

Cybersecurity Enthusiast!! | COMPTIA SEC+ | CCSK | CEH | MTA S&N | Cybersecurity Analyst | Web Application Security
