Linux: Virtual Machine Tools

First, this walkthrough is going to be quick and will use the digital forensics tool suite Tsurugi OS, but it can generally be applied to many other Linux distros. What is Tsurugi? Per

Review: CSI Linux + Training

CSI Linux is another DFIR and cyber investigation Linux distribution in line with CAINE, Tsurugi, and SIFT Workstation. It has been developed over the last few years by the team at Information Warfare Center, who also run the Cyber Secrets YouTube channel.


You have been called to analyze a compromised Linux server. Figure out how the threat actor gained access, what modifications were applied to the system, and what persistence techniques were utilized (e.g. backdoors, users, sessions, etc.).

Arch Linux and DKMS

I am not sure if anyone else has had this problem, but lately, when the kernel for Arch Linux is updated, DKMS fails to notice the new kernel and tries to install the modules for the old (now removed) kernel.