Forensics

How to monitor disk activity (I/O) on Linux

Got a busy Linux system and wondering what the culprit is? Learn how to monitor it and focus on disk activity with tools like iotop, sar, vmstat, or iostat.

How to find symbolic links that point to a directory

Symbolic links may point to a directory or a file. Learn how to use the find command to discover symbolic links that refer to a directory.

Smem

The smem command can help show memory usage, including swap usage. Here are the most common options explained.

How to securely delete a file and its contents

Need to delete the contents of a sensitive file on Linux? Instead of just deleting it with rm, have a look at some other options for a more secure deletion.

How to see the creation date of a file

Linux may store the initial creation time of a file. Learn how to use the stat command to find this creation time, also known as the birth time.

Understanding memory information on Linux systems

Linux memory management is an extensive subject. This guide helps you understand how to analyze it and obtain available memory information.

How to see the file type?

Learn how to determine the details of most types of files on Linux, together with an understanding of how these tools do their job.

Auditing Linux processes: The Deep Dive!

In-depth article about auditing Linux processes. Determination of running processes, memory and on-disk structure and the proper tools for analyzing them.

Configuring and auditing Linux systems with Audit daemon

Guide for auditing Linux systems by using the audit daemon and related utilities. This powerful audit framework has many possibilities for auditing Linux.

How to deal with a compromised Linux system

Is your Linux system compromised or does it run suspicious processes? Learn how to investigate the system and create an action plan.