Difference between pages "Determining OS version from an evidence image" and "Category:Test"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Added category and so on)
 
(Created page with 'this is a test category please disregard')
 
Line 1: Line 1:
One of the first steps an examiners will need to carry out once they have an evidence image is to log system metadata, including OS version and patch level. This may be of particular importance if the image in question is from a machine that is suspected of having been compromised.
+
this is a test category please disregard
 
+
==Windows==
+
 
+
===Windows 95/98/ME===
+
 
+
===Windows NT===
+
 
+
===Windows 2000/2003/XP/Vista===
+
Information about a running system can be displayed using the command `ver` (and `systeminfo` on some systems).
+
 
+
==Unix/Linux==
+
Information about a running system, including the kernel version, can be displayed using the command `uname -a`. However, this is not much good if you performing dead analysis on a disk image.
+
 
+
===Linux===
+
A number of Linux distributions create a file in ''/etc'' to identify the release or version installed.
+
 
+
{| class="wikitable" border="1"
+
|-
+
!Distro!!Tag
+
|-
+
|Red Hat || /etc/redhat-release
+
|-
+
|Debian  || /etc/debian-version
+
|}
+
 
+
===Solaris===
+
 
+
===Free/Net/OpenBSD===
+
 
+
===AIX===
+
 
+
===HP/UX===
+
 
+
[[Category:Howtos]]
+

Latest revision as of 11:13, 29 April 2010

this is a test category please disregard