Linux Forensics

Accounting entries:

  • utmp

    • Info about currently logged in users

  • wtmp

    • Data about past user logins

  • btmp

    • Bad login entries for failed login attempts

  • lastlog

    • Shows login name, port, and last login time for each user

PreviousEvent LogsNextNetwork Forensics

Last updated

Was this helpful?