In this short video from our Ubuntu Forensics course, we'll practice extracting databases with SQLite3. Among the tools used to analyze an Ubuntu system, SQLite3 is particularly useful for getting the evidence out and in front of you effectively. If you want to know more about using Ubuntu tools and analyzing Ubuntu systems, join the course. For now, let's just dive in!
The course aims to deepen your knowledge of the Ubuntu OS and to reconstruct users’ activities by collecting the forensic artifacts produced during work sessions in the Linux environment, such as recent documents, form history, web searches, bookmarks and downloads. We will focus not only on the analysis of Ubuntu systems, but also on the use of the Ubuntu OS as a forensic analysis tool. In fact, after an introduction to the Linux environment and the bash shell commands, the student will learn how to configure an Ubuntu workstation, optimizing it for the forensic analysis of Linux systems.
Consideration will be given to the main freely available Linux forensics tools, such as the Sleuth Kit, Bulk Extractor and Exiftool. Particular attention will be given to the Linux commands most useful in the forensic field, such as dd, mount, grep and find. Finally, we will address the issue of encryption and decryption of the file system through the use of the popular and powerful tools eCryptfs and John the Ripper.
Why take this course now?
No matter what stage of your career you're at, the skills learned here will serve you well in the future. At the end of the course, you will be able to carry out a fully valid and thorough forensic examination in a Linux environment using only freeware tools. The very practical approach can be used both for understanding the principles behind the Ubuntu OS and for learning how to create scripts using the bash shell to solve custom tasks.