This room introduced me to the fundamentals of Linux forensics. I explored how to collect and analyze artifacts such as user accounts, bash history, system logs, and cron jobs. The exercises showed me that Linux systems, just like Windows, retain detailed records of user and process activity that can be vital in an investigation.
By completing the tasks, I learned how to navigate a Linux environment with a forensic mindset. I came away better prepared to identify suspicious behavior on Linux endpoints, which is an important skill given how commonly Linux is used in servers and production systems.
