content update linux forensics

2025-08-09 22:45:33 +02:00 · 2025-08-09 22:45:33 +02:00 · b8311e152d
commit b8311e152d
parent 4d423eb403
2 changed files with 183878 additions and 161247 deletions
--- a/data/embeddings.json
+++ b/data/embeddings.json
--- a/src/data/tools.yaml
+++ b/src/data/tools.yaml
@ -6607,6 +6607,545 @@ tools:
    icon: 📧
    license: LGPL-3.0
    accessType: download
+  - name: Linux Netzwerk-Konfiguration Analyse
+    type: method
+    description: >-
+      Systematische Auswertung von /etc/network/interfaces (Debian/Ubuntu), 
+      /etc/sysconfig/network (SUSE), /etc/NetworkManager (WLAN) für 
+      Netzwerk-Timeline-Reconstruction. Static/Dynamic-IP-Analysis, 
+      Gateway-Configuration, WLAN-SSID-History und Interface-Status-Tracking.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: intermediate
+    domains:
+      - incident-response
+      - network-forensics
+    phases:
+      - examination
+      - analysis
+    tags:
+      - network-configuration
+      - interface-analysis
+      - wlan-analysis
+      - ip-configuration
+      - gateway-analysis
+    related_concepts:
+      - Network Protocols & Packet Analysis
+  - name: Linux File Access Timestamp Analyse
+    type: method
+    description: >-
+      Dateizugriffs-Rekonstruktion durch stat, ls -l, date -r für 
+      Access/Modify/Change-Time-Analysis. Filesystem-Metadaten-Extraction, 
+      Touch-Command-Detection, Root-Manipulation-Identification. Correlation 
+      mit System-Logs für vollständige File-Activity-Timeline.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: beginner
+    domains:
+      - static-investigations
+      - incident-response
+    phases:
+      - examination
+      - analysis
+    tags:
+      - file-timestamps
+      - metadata-analysis
+      - access-time
+      - modification-time
+      - filesystem-analysis
+    related_concepts:
+      - File Systems & Storage Forensics
+      - Timeline Analysis & Event Correlation
+  - name: Linux Package Management Forensik
+    type: method
+    description: >-
+      APT/RPM-Paketmanager-Analyse für Software-Installation-Timeline und 
+      Integrity-Verification. Repository-Source-Analysis, Package-History-
+      Reconstruction, Dependency-Tracking, Malicious-Package-Detection durch 
+      Signature-Verification und Update-Pattern-Analysis.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: intermediate
+    domains:
+      - incident-response
+      - malware-analysis
+    phases:
+      - examination
+      - analysis
+    tags:
+      - package-analysis
+      - software-timeline
+      - installation-history
+      - dependency-tracking
+      - integrity-verification
+    related_concepts:
+      - Hash Functions & Digital Signatures
+      - Timeline Analysis & Event Correlation
+  - name: Linux Namespace Container-Forensik
+    type: method
+    description: >-
+      Container-Isolation-Analysis durch Mount-, UTS-, IPC-, PID-, Network-, 
+      User-Namespace-Examination. Unshare-Command-Analysis, Process-Container-
+      Mapping, Resource-Limitation-Detection via /sys/fs/cgroup für 
+      Container-Escape-Investigation und Privilege-Escalation-Detection.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: expert
+    domains:
+      - incident-response
+      - malware-analysis
+    phases:
+      - examination
+      - analysis
+    tags:
+      - container-analysis
+      - namespace-isolation
+      - privilege-escalation
+      - process-isolation
+      - container-escape
+      - cgroup-analysis
+    related_concepts:
+      - Memory Forensics & Process Analysis
+  - name: Docker Container Forensische Analyse
+    type: method
+    description: >-
+      Docker-Image/Container-Layer-Analysis für Containerized-Application-
+      Forensics. Dockerfile-Reconstruction, Image-History-Analysis, 
+      Container-Runtime-Investigation, Volume-Mount-Analysis und 
+      Network-Bridge-Examination für Container-Security-Incident-Response.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: advanced
+    domains:
+      - incident-response
+      - cloud-forensics
+      - malware-analysis
+    phases:
+      - examination
+      - analysis
+    tags:
+      - container-forensics
+      - docker-analysis
+      - image-analysis
+      - layer-analysis
+      - volume-analysis
+      - containerized-malware
+    related_concepts:
+      - Memory Forensics & Process Analysis
+    related_software:
+      - Docker Explorer
+  - name: Linux System Monitoring Forensik
+    type: method
+    description: >-
+      Live-System-Überwachung durch ps, top, htop für Process-Analysis und 
+      Malware-Detection. SHA256-Hash-Verification von System-Binaries, 
+      Update-Status-Verification, Hidden-Process-Detection und 
+      Resource-Usage-Anomaly-Analysis für APT-Investigation.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: intermediate
+    domains:
+      - incident-response
+      - malware-analysis
+    phases:
+      - examination
+      - analysis
+    tags:
+      - process-monitoring
+      - hash-verification
+      - malware-detection
+      - system-integrity
+      - anomaly-detection
+      - apt-investigation
+    related_concepts:
+      - Hash Functions & Digital Signatures
+      - Memory Forensics & Process Analysis
+    related_software:
+      - hashdeep
+      - md5sum / sha256sum
+  - name: DNS Filtering Analysis (Linux)
+    type: method
+    description: >-
+      /etc/hosts-File-Analysis für DNS-Manipulation-Detection und 
+      Domain-Blocking-Investigation. Static-DNS-Entry-Analysis, 
+      Malware-DNS-Hijacking-Detection, Sinkhole-Configuration-Analysis für 
+      Network-Traffic-Redirection-Investigation und Anti-Malware-Verification.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: beginner
+    domains:
+      - incident-response
+      - network-forensics
+      - malware-analysis
+    phases:
+      - examination
+      - analysis
+    tags:
+      - dns-analysis
+      - hosts-file
+      - domain-blocking
+      - dns-hijacking
+      - traffic-redirection
+      - sinkhole-analysis
+    related_concepts:
+      - Network Protocols & Packet Analysis
+  - name: Linux Route Filtering Forensik
+    type: method
+    description: >-
+      Routing-Table-Analysis durch route-Command für Network-Traffic-Flow-
+      Investigation. Static-Route-Configuration-Analysis, Gateway-Manipulation-
+      Detection, Traffic-Filtering-Verification für Network-Isolation-Analysis 
+      und Lateral-Movement-Investigation.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: intermediate
+    domains:
+      - incident-response
+      - network-forensics
+    phases:
+      - examination
+      - analysis
+    tags:
+      - routing-analysis
+      - traffic-filtering
+      - gateway-analysis
+      - network-isolation
+      - lateral-movement
+      - route-manipulation
+    related_concepts:
+      - Network Protocols & Packet Analysis
+  - name: GnuPG Verschlüsselungs-Forensik
+    type: method
+    description: >-
+      OpenPGP-Encryption-Analysis für verschlüsselte Kommunikation und 
+      File-Protection-Investigation. Public/Private-Key-Analysis, 
+      Signature-Verification, Encrypted-Message-Recovery-Techniques und 
+      Key-Ring-Analysis für Cryptographic-Evidence-Processing.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: advanced
+    domains:
+      - static-investigations
+      - incident-response
+    phases:
+      - examination
+      - analysis
+    tags:
+      - encryption-analysis
+      - pgp-analysis
+      - key-analysis
+      - signature-verification
+      - encrypted-communications
+      - cryptographic-evidence
+    related_concepts:
+      - Hash Functions & Digital Signatures
+  - name: X.509 Certificate Analysis
+    type: method
+    description: >-
+      SSL/TLS-Certificate-Forensik für HTTPS-Communication-Analysis und 
+      PKI-Investigation. Certificate-Chain-Verification, CA-Trust-Analysis, 
+      Certificate-Metadata-Extraction, Expired/Revoked-Certificate-Detection 
+      für Network-Security-Incident-Analysis.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: intermediate
+    domains:
+      - incident-response
+      - network-forensics
+    phases:
+      - examination
+      - analysis
+    tags:
+      - certificate-analysis
+      - ssl-tls-analysis
+      - pki-analysis
+      - trust-verification
+      - network-security
+      - https-analysis
+    related_concepts:
+      - Hash Functions & Digital Signatures
+      - Network Protocols & Packet Analysis
+  - name: USB Device Forensic Analysis (Linux)
+    type: method
+    description: >-
+      USB-Hardware-Forensik durch usbauth-Framework für Device-Access-Control-
+      Analysis. USB-Device-History-Reconstruction, Vendor/Product-ID-Analysis, 
+      Port-Binding-Investigation und Device-Type-Classification für 
+      Hardware-Based-Attack-Investigation und Data-Exfiltration-Analysis.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: intermediate
+    domains:
+      - incident-response
+      - static-investigations
+    phases:
+      - examination
+      - analysis
+    tags:
+      - usb-forensics
+      - hardware-analysis
+      - device-history
+      - access-control
+      - data-exfiltration
+      - hardware-attacks
+    related_concepts:
+      - Timeline Analysis & Event Correlation
+  - name: Linux Live-Boot Forensik-Umgebung
+    type: method
+    description: >-
+      Kontaminationsfreie Systemuntersuchung durch Boot von USB/DVD ohne 
+      Festplatten-Zugriff. Forensics-Mode deaktiviert automatisches Mounting 
+      und Netzwerk-Services. Ermöglicht saubere Evidence-Akquisition ohne 
+      Host-System-Veränderungen. Alle Änderungen sind nach Ausschalten gelöscht.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: beginner
+    domains:
+      - incident-response
+      - static-investigations
+    phases:
+      - data-collection
+      - examination
+    tags:
+      - live-acquisition
+      - write-blocker
+      - contamination-prevention
+      - forensic-imaging
+      - read-only-access
+    related_concepts:
+      - Digital Evidence Chain of Custody
+    related_software:
+      - Kali Linux
+      - SIFT Workstation
+      - CAINE
+  - name: Linux Festplatten-Partitionierung
+    type: method
+    description: >-
+      Systematische Datenträger-Aufteilung mit fdisk (MBR) oder gdisk (GPT)  für
+      forensische Imaging-Workflows. Unterstützt DOS-, GPT-, SGI- und 
+      Sun-Partitionierungen. Kombiniert mit mkfs für Dateisystem-Erstellung. 
+      Essentiell für Evidence-Storage und Analyse-Partitionen.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: intermediate
+    domains:
+      - incident-response
+      - static-investigations
+    phases:
+      - data-collection
+      - examination
+    tags:
+      - disk-partitioning
+      - gpt-analysis
+      - mbr-analysis
+      - filesystem-creation
+      - evidence-storage
+    related_concepts:
+      - File Systems & Storage Forensics
+      - Digital Evidence Chain of Custody
+    related_software:
+      - dd
+      - FTK Imager
+  - name: Linux Benutzer- und Rechteverwaltung
+    type: method
+    description: >-
+      Systematische Analyse von /etc/passwd, /etc/shadow und /etc/group für 
+      User-Activity-Reconstruction. Zahlencodierung (chmod 755) und 
+      Symbolic-Notation (rwxr-xr-x) für Dateiberechtigungen. Includes setuid, 
+      setgid und sticky-bit Analyse für Privilege-Escalation-Detection.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: intermediate
+    domains:
+      - incident-response
+      - static-investigations
+      - malware-analysis
+    phases:
+      - examination
+      - analysis
+    tags:
+      - user-analysis
+      - permission-analysis
+      - privilege-escalation
+      - system-metadata
+      - access-control
+    related_concepts:
+      - File Systems & Storage Forensics
+      - Timeline Analysis & Event Correlation
+    related_software:
+      - grep
+      - strings
+  - name: Linux Log-Analyse Methodik
+    type: method
+    description: >-
+      Strukturierte Auswertung von /var/log/* für
+      Incident-Timeline-Reconstruction.  Unix-Time-Konvertierung,
+      Kernel-Ring-Buffer-Analyse mit dmesg,  Authentication-Logs in
+      auth.log/secure. Korrelation zwischen System-,  Kernel- und
+      Application-Logs für vollständige Event-Sequencing.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: intermediate
+    domains:
+      - incident-response
+      - static-investigations
+      - network-forensics
+    phases:
+      - examination
+      - analysis
+    tags:
+      - log-analysis
+      - timeline-analysis
+      - unix-time
+      - kernel-analysis
+      - authentication-logs
+      - syslog-analysis
+    related_concepts:
+      - Timeline Analysis & Event Correlation
+    related_software:
+      - grep
+      - Plaso (log2timeline)
+  - name: Linux Shell-Historie Forensik
+    type: method
+    description: >-
+      Bash-History-Analyse aus ~/.bash_history für Command-Execution-Timeline. 
+      Erkennung von Anti-Forensik-Techniken: geleerte History, Softlinks auf 
+      /dev/null, manipulierte Timestamps. Korrelation mit Login-Logs für 
+      vollständige User-Activity-Reconstruction ohne Zeitstempel.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: intermediate
+    domains:
+      - incident-response
+      - static-investigations
+      - malware-analysis
+    phases:
+      - examination
+      - analysis
+    tags:
+      - command-history
+      - user-activity
+      - anti-forensics-detection
+      - bash-analysis
+      - timeline-reconstruction
+      - indicator-of-compromise
+    related_concepts:
+      - Timeline Analysis & Event Correlation
+    related_software:
+      - grep
+      - strings
+  - name: Git Repository Forensik
+    type: method
+    description: >-
+      Versionskontroll-System-Analyse für Source-Code-Forensik und 
+      Entwickler-Activity-Tracking. Branch-Timeline-Reconstruction, 
+      Commit-Hash-Verifizierung, Merge-Conflict-Analysis. Collaborative-
+      Workflow-Investigation über Remote-Repositories und Pull-Requests.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: advanced
+    domains:
+      - incident-response
+      - static-investigations
+      - malware-analysis
+    phases:
+      - examination
+      - analysis
+    tags:
+      - version-control
+      - source-code-analysis
+      - developer-tracking
+      - commit-analysis
+      - collaboration-forensics
+      - hash-verification
+    related_concepts:
+      - Hash Functions & Digital Signatures
+      - Timeline Analysis & Event Correlation
+    related_software:
+      - Gitea
+  - name: iptables Firewall-Forensik
+    type: method
+    description: >-
+      Netzwerk-Traffic-Filtering-Analysis durch iptables-Rules-Reconstruction. 
+      INPUT/OUTPUT/FORWARD-Chain-Analysis, ACCEPT/DROP/REJECT-Actions, 
+      Port-based und IP-based Filtering. Regel-Persistence-Verification und 
+      Anti-Evasion-Configuration für Incident-Response.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: advanced
+    domains:
+      - incident-response
+      - network-forensics
+    phases:
+      - examination
+      - analysis
+    tags:
+      - firewall-analysis
+      - network-filtering
+      - traffic-analysis
+      - rule-analysis
+      - packet-filtering
+      - network-security
+    related_concepts:
+      - Network Protocols & Packet Analysis
+  - name: LUKS Disk-Encryption Analysis
+    type: method
+    description: >-
+      Linux Unified Key Setup Verschlüsselungs-Forensik für encrypted 
+      Partitions und Container. Cryptsetup-based Key-Slot-Analysis, 
+      Metadata-Header-Examination, Passphrase-Recovery-Techniques.  Integration
+      mit Filesystem-Mounting für decrypted Evidence-Access.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: expert
+    domains:
+      - static-investigations
+      - incident-response
+    phases:
+      - examination
+      - analysis
+    tags:
+      - disk-encryption
+      - key-analysis
+      - encrypted-storage
+      - partition-analysis
+      - cryptographic-analysis
+      - access-recovery
+    related_concepts:
+      - Hash Functions & Digital Signatures
+      - File Systems & Storage Forensics
+  - name: Linux Secure File Deletion Verification
+    type: method
+    description: >-
+      Forensische Verifikation sicherer Löschvorgänge durch Overwrite-Pattern-
+      Analysis. Unterscheidung zwischen rm (Filesystem-Entry-Deletion) und 
+      shred (Multi-Pass-Overwriting). Recovery-Verification und Anti-Forensik-
+      Detection bei unvollständigen Secure-Wipe-Operationen.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: intermediate
+    domains:
+      - static-investigations
+      - incident-response
+    phases:
+      - examination
+      - analysis
+    tags:
+      - secure-deletion
+      - data-recovery
+      - overwrite-analysis
+      - anti-forensics
+      - file-system-analysis
+      - data-sanitization
+    related_concepts:
+      - File Systems & Storage Forensics
+    related_software:
+      - PhotoRec
+      - dd
+  - name: Linux Process Memory Analysis
+    type: method
+    description: >-
+      Live-System-Speicher-Untersuchung durch /proc-Filesystem-Analysis. 
+      Process-State-Examination, Memory-Maps-Analysis, Open-Files-Detection  via
+      /proc/PID/. Kernel-Module-Verification und Hidden-Process-Detection  für
+      Rootkit-Analysis ohne Memory-Dump-Tools.
+    url: https://cloud.cc24.dev/f/32342
+    skillLevel: advanced
+    domains:
+      - incident-response
+      - malware-analysis
+    phases:
+      - examination
+      - analysis
+    tags:
+      - process-analysis
+      - memory-analysis
+      - proc-filesystem
+      - rootkit-detection
+      - live-analysis
+      - kernel-analysis
+    related_concepts:
+      - Memory Forensics & Process Analysis
 domains:
  - id: incident-response
    name: Incident Response & Breach-Untersuchung