Abstract
This chapter focuses primarily on Linux, but makes an effort to point out differences and caveats when dealing with other systems where applicable. For the most part, user land utilities are either identical or have interoperable analogs on all the Unix-like systems—dealing with kernel-level information and hardware access is where things diverge quickly. UNIX and Unix-like systems are used for many purposes, from low-end embedded systems to the most powerful supercomputing clusters in the world. In addition to the two main “open” Unix-like systems, several commercial UNIX systems derived from System V are still in use today. Before we discuss them, let us clarify some terminology. Linux is used to describe any number of operating systems based upon the Linux kernel. These systems generally use code from the GNU project for the core of their userland utilities, and thus you may hear the term GNU/Linux used as well. It is important for forensic examiners to understand the Unix system startup process. Knowledge of startup files can help forensic examiners determine which version of the operating system was running and when it was installed.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
