# Linux Home:

### Determine if it's Debian/RedHat

Run `which rpm` or `which dpkg`.

If neither command returns a result, run the following: `cat /etc/os-release | grep -E '^NAME=|PRETTY_NAME='`

### Get Hostname

`cat /etc/hostname`

### Get System timezone:

`cat /etc/timezone`

### Get OS Version

`cat /etc/os-release`

### Get OS Details

`uname -a` and `lsb_release -a`

### Get Env Variables

`$PATH` holds the list of directories that the shell searches for executable files. To check which directories are in your path, use:

`echo $PATH`
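The file-based checks above combined into one helper, as an added example that is not part of the original page. The function names and the optional ROOT argument are assumptions of this example; it goes slightly beyond the page by reading the same files from a mounted evidence image, using the os-release `ID`/`ID_LIKE` fields for the fallback, and reading the `/etc/localtime` symlink when `/etc/timezone` is missing.

```sh
# Added example, not from the original page. ROOT is an assumption of this
# example: empty for a live host, or an evidence mount point (e.g. /mnt/evidence).

# Print one KEY=value field of os-release. The file is parsed with grep and
# never sourced, so a tampered os-release cannot run commands in this shell.
os_release_field() {    # usage: os_release_field KEY [ROOT]
    orf_line=$(grep -m1 -E "^$1=" "${2:-}/etc/os-release" 2>/dev/null) || return 1
    orf_val=${orf_line#*=}
    orf_val=${orf_val#\"}; orf_val=${orf_val%\"}
    printf '%s\n' "$orf_val"
}

# File-based equivalent of `which dpkg` / `which rpm`. Uses -e, not -x, because
# evidence is normally mounted noexec. dpkg is tested first in each directory.
distro_family() {       # usage: distro_family [ROOT]
    df_root=${1:-}
    for df_dir in usr/bin bin usr/sbin sbin; do
        if [ -e "$df_root/$df_dir/dpkg" ]; then echo debian; return 0; fi
        if [ -e "$df_root/$df_dir/rpm" ]; then echo redhat; return 0; fi
    done
    # Neither binary found: fall back to the os-release ID and ID_LIKE fields.
    df_ids="$(os_release_field ID "$df_root" || true) $(os_release_field ID_LIKE "$df_root" || true)"
    case "$df_ids" in
        *debian*|*ubuntu*)        echo debian ;;
        *rhel*|*fedora*|*centos*) echo redhat ;;
        *)                        echo unknown ;;
    esac
}

# /etc/timezone is not present on every distribution; where it is missing,
# the zone name is the part of the /etc/localtime symlink after "zoneinfo/".
system_timezone() {     # usage: system_timezone [ROOT]
    tz_root=${1:-}
    if [ -r "$tz_root/etc/timezone" ]; then
        cat "$tz_root/etc/timezone"
    elif [ -L "$tz_root/etc/localtime" ]; then
        tz_link=$(readlink "$tz_root/etc/localtime")
        printf '%s\n' "${tz_link#*zoneinfo/}"
    else
        echo unknown
    fi
}

host_baseline() {       # usage: host_baseline [ROOT]
    printf 'family=%s\n'   "$(distro_family "${1:-}")"
    printf 'hostname=%s\n' "$(cat "${1:-}/etc/hostname" 2>/dev/null || echo unknown)"
    printf 'timezone=%s\n' "$(system_timezone "${1:-}")"
    printf 'os=%s\n'       "$(os_release_field PRETTY_NAME "${1:-}" || echo unknown)"
}
host_baseline "${1:-}"
```

Run it with no argument on a live host, or pass the mount point of an image as the first argument.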

Next, move on to:

1. [user-artifacts](https://linux.inishantgrover.com/user-artifacts)
2. [persistence](https://linux.inishantgrover.com/persistence)
3. [system-and-file-artifacts](https://linux.inishantgrover.com/system-and-file-artifacts)
4. [process-artifacts](https://linux.inishantgrover.com/process-artifacts)
5. [network-artifacts](https://linux.inishantgrover.com/network-artifacts)
6. [linux-memory-collection](https://linux.inishantgrover.com/linux-memory-collection)
7. [application-logs](https://linux.inishantgrover.com/application-logs)
8. [investigating-rootkits](https://linux.inishantgrover.com/investigating-rootkits)
9. [collection-scripts](https://linux.inishantgrover.com/collection-scripts)

