Linux Incident Response and Live Forensics: A Hands-On Playbook
A hands-on, command-driven playbook for investigating compromised Linux servers. Covers memory acquisition with AVML, process and network forensics, persistence hunting, log analysis, filesystem imaging, and automated collection with Velociraptor and Cat-Scale.