ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.
Determining OS version from an evidence image
One of the first steps an examiner will need to carry out once they have an evidence image is log system metadata, including OS version and patch level. This may be of particular importance if the image in question is from a machine that is suspected of having been compromised.
The family of DOS based Windows operating systems.
Information about a running system, including the kernel version, can be displayed using the command `uname -a`. However this is not much good if you performing dead analysis on a disk image.