LINUX Incident Response and Threat Hunting Poster

Master threat hunting techniques and learn to identify, analyze, and respond to incidents on Linux platforms. This poster highlights key processes and artifacts related to common attacks, along with effective tools and techniques for investigation. Use it as a handy cheat-sheet to remember where to find essential Linux artifacts, how to analyze them, and when they may be useful during an investigation. This poster is a resource developed from the FOR577: Linux Incident Response and Threat Hunting™ course, reflecting the expertise taught in the class, and was created by SANS Instructors Kat Hedley and Taz Wake.

March 3, 2025

Login to download

Linux Incident Response Poster

Related Content

DFIR - Blog - Choose Your Malware Analysis Adventure- FOR610 or FOR710__340 x 340.jpg

Digital Forensics, Incident Response & Threat Hunting

February 11, 2025

Choose Your Malware Analysis Adventure: FOR610 or FOR710?

We’ve created a ten-question self-assessment designed to gauge whether FOR610 or FOR710 is the best fit for you.

Digital Forensics, Incident Response & Threat Hunting

January 27, 2025

A Visual Summary of SANS CTI Summit 2025

Check out these graphic recordings created in real-time throughout the event for SANS CTI Summit 2025

Digital Forensics, Incident Response & Threat Hunting

January 20, 2022

Uncovering Windows Defender Real-time Protection History with DHParser

Whether you are a systems administrator performing regular threat hunting on your network, or you are an analyst examining a system after the smoke of an incident has cleared, Windows Defender’s DetectionHistory logs give an excellent look into what (and who) has been marked as potentially...