Gary Jones
Gary Jones
Kali LinuxCommand Line (Bash)psfindawkCybersecurity

Forensics of Linux Directory and Active Processes

Forensics of Linux Directory and Active Processes
0 views
2 min read
#Kali Linux#Command Line (Bash)#ps#find#awk#Cybersecurity
Table Of Content

Key Discovery Report

Situation:

The objective was to locate and identify two sensitive keys (KEY001 and KEY002) within a Kali Linux virtual machine using Linux command-line tools. The project required navigating the filesystem, inspecting active processes, and applying pattern-matching techniques.

Obstacles:

  1. Permission Restrictions: Certain directories and files were inaccessible due to insufficient privileges.
  2. Command Misuse: Initial attempts with specific flags (e.g., ps -fC KEY) failed due to overly restrictive search parameters.
  3. Complex Search Scope: Locating the keys required an efficient search strategy across a large filesystem and process list.

Actions Taken:

  1. Used the find command with sudo to search for files in the filesystem with names starting with "KEY*".
  2. Utilized the ps -ef command paired with awk to identify processes containing "KEY" in their output.
  3. Debugged failed commands by adjusting parameters and using broader search techniques to ensure accurate matches.

Results:

  1. KEY001 was successfully located using the find command and identified as KEY001-t8DnV+HDpVm9Ey0Y2nUfxA=.
  2. KEY002 was identified through process inspection with ps and awk, yielding KEY002-kmrMSsSaaSvbbVz3yW0zaw=.
  3. Demonstrated effective command-line and forensic analysis skills by overcoming technical challenges and achieving project objectives.

Tool Purpose Overview

Kali Linux:

  • A specialized Linux distribution for penetration testing and cybersecurity tasks, providing the necessary environment for forensic investigations.

find:

  • Used to search files and directories based on specific criteria such as name patterns (-name "KEY*").

ps:

  • Inspects currently running processes, offering insights into active system operations.

awk:

  • A text-processing tool that filters and extracts specific patterns from command output, enabling precise identification.

sudo:

  • Provides elevated privileges to access restricted files and directories, ensuring comprehensive search capabilities.

General Command-Line Skills:

  • Enabled efficient navigation, debugging, and execution of commands within the Linux environment.

View PDF Document