Description: There is a lot of useful file metadata stored in package management databases for popular Linux distributions. The Red Hat Package Manager (RPM) and Debian's dpkg are two examples. We'll focus on how to leverage RPM in forensic investigations, as it can provide a quick and effective way to find changed files that warrant more in-depth analysis. We'll also discuss potential shortfalls to consider when using this method.
For more information, please visit: SANS Digital Forensics - https://www.youtube.com/channel/UCwSo89W3KgPrid41vskBDYA
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.