Linux Forensics
Accounting entries:
utmp
Info about currently logged in users
wtmp
Data about past user logins
btmp
Bad login entries for failed login attempts
lastlog
Shows login name, port, and last login time for each user
Last updated
Accounting entries:
utmp
Info about currently logged in users
wtmp
Data about past user logins
btmp
Bad login entries for failed login attempts
lastlog
Shows login name, port, and last login time for each user
Last updated