DFIR-Notes

Linux Forensics dirs

Linux directories are organized in a hierarchical structure, starting from the root directory /. Each directory serves a specific purpose and is essential for the operating system's functionality. Her

1. / - Root Directory

  • Purpose: The top of the directory hierarchy.

  • Description: All files and directories in Linux are under the root directory. It contains critical subdirectories like /bin, /etc, and /home.

2. /bin - Binary Directory

  • Purpose: Contains essential user binaries (executables).

  • Description: This directory stores critical commands used by all users, such as ls, cp, mv, and cat. These are necessary for basic system operation.

3. /sbin - System Binaries

  • Purpose: Contains system administration binaries.

  • Description: Commands like ifconfig, iptables, and reboot reside here. These are primarily for the root user or administrators.


4. /etc - Configuration Files

  • Purpose: Stores system-wide configuration files.

  • Description: Contains settings for the system and applications, such as:

    • /etc/passwd: User account information.

    • /etc/fstab: Disk and filesystem configurations.

    • /etc/network: Network configuration files.


5. /dev - Device Files

  • Purpose: Contains device files representing hardware.

  • Description: Files like /dev/sda (disk) and /dev/tty (terminals) allow the OS to interact with hardware.


6. /proc - Process Information

  • Purpose: Virtual filesystem providing process and system info.

  • Description: Contains files like /proc/cpuinfo (CPU details) and /proc/meminfo (memory usage). It's dynamically generated by the kernel.


7. /sys - System Information

  • Purpose: Provides information about devices and drivers.

  • Description: Used for interacting with the kernel and managing devices. For example, /sys/class/net provides details about network interfaces.


8. /home - User Home Directories

  • Purpose: Stores personal files for each user.

  • Description: Each user gets a directory like /home/username. It contains user-specific configurations, documents, and downloads.


9. /root - Root User's Home Directory

  • Purpose: Home directory for the root user.

  • Description: This is separate from /home and is only accessible to the root user. Used for administrative tasks.


10. /var - Variable Data

  • Purpose: Stores variable files.

  • Description: Contains files that change frequently, such as:

    • /var/log: System logs.

    • /var/spool: Print or mail queues.

    • /var/cache: Cache data.


11. /tmp - Temporary Files

  • Purpose: Stores temporary files.

  • Description: Applications and processes use this directory to store temporary data, which is cleared upon reboot.


12. /usr - User Binaries and Libraries

  • Purpose: Stores user applications and their dependencies.

  • Description: Subdirectories include:

    • /usr/bin: Non-essential binaries (e.g., nano, vim).

    • /usr/lib: Libraries for user binaries.

    • /usr/share: Shared resources like icons and documentation.


13. /lib - System Libraries

  • Purpose: Contains essential shared libraries.

  • Description: Stores libraries needed for binaries in /bin and /sbin. For example:

    • /lib/modules: Kernel modules.


14. /media - Removable Media

  • Purpose: Mount point for removable drives.

  • Description: When you plug in a USB drive or insert a CD, it's often mounted here under a subdirectory like /media/usb.


15. /mnt - Temporary Mount

  • Purpose: Mount point for temporary filesystems.

  • Description: Used by administrators to manually mount filesystems for troubleshooting or temporary access.


16. /opt - Optional Software

  • Purpose: Stores optional or third-party software.

  • Description: Applications installed outside the package manager often reside here.


17. /srv - Service Data

  • Purpose: Contains data for services.

  • Description: Used by servers to store service-related data, such as web server files or FTP server data.


18. /boot - Boot Files

  • Purpose: Contains bootloader and kernel files.

  • Description: Includes:

    • vmlinuz: Compressed Linux kernel.

    • initrd: Initial RAM disk image.

    • grub: Bootloader configuration files.


19. /run - Runtime Data

  • Purpose: Temporary files required during system runtime.

  • Description: Stores information like PID files and sockets. Data is cleared on reboot.


20. /snap - Snap Packages

  • Purpose: Stores installed snap packages.

  • Description: Used by the Snap package management system to manage containerized applications.


21. /lost+found - Recovered Files

  • Purpose: Stores files recovered after filesystem errors.

  • Description: Created during disk repairs and typically found in the root of each filesystem.


22. /tmp vs /var/tmp

  • /tmp: Cleared on reboot. Used for temporary, short-lived files.

  • /var/tmp: Persistent temporary files. Not cleared on reboot.
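The directories above are where a responder looks first on a mounted evidence image. As an added example (not part of this GitBook page), the script below checks two of them offline: it parses etc/passwd from section 4 and flags extra UID-0 accounts or system accounts with a login shell, and it lists executable files left in tmp/ and var/tmp/ (sections 11 and 22; var/tmp survives reboots). The function names and the sample image tree are constructed for the example; `root` is assumed to be the read-only mount point of the image, never the live /.

```python
import os
import stat
import tempfile

NOLOGIN = ("/nologin", "/false")  # shells that refuse interactive login

def flag_passwd(root):
    """Parse etc/passwd under the mounted image root and flag risky entries."""
    flagged = []
    with open(os.path.join(root, "etc", "passwd"), encoding="utf-8", errors="replace") as fh:
        for line in fh:
            parts = line.rstrip("\n").split(":")
            if len(parts) != 7:
                continue  # blank or malformed entry; a full triage would log these too
            name, uid, shell = parts[0], int(parts[2]), parts[6]
            if uid == 0 and name != "root":
                flagged.append((name, "uid 0 but not root"))
            elif uid < 1000 and name != "root" and not shell.endswith(NOLOGIN):
                flagged.append((name, "system account with login shell"))
    return flagged

def executables_in_tmp(root):
    """List executable regular files under tmp/ and var/tmp/ (var/tmp survives reboots)."""
    found = []
    for rel in ("tmp", "var/tmp"):
        for dirpath, _dirs, files in os.walk(os.path.join(root, rel)):
            for name in files:
                path = os.path.join(dirpath, name)
                st = os.lstat(path)  # lstat: never follow symlinks out of the image
                if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111:
                    found.append(os.path.relpath(path, root))
    return sorted(found)

def build_sample_image():
    """Constructed stand-in for a read-only mounted evidence image (not real data)."""
    root = tempfile.mkdtemp(prefix="img_")
    for d in ("etc", "tmp", "var/tmp"):
        os.makedirs(os.path.join(root, d))
    with open(os.path.join(root, "etc", "passwd"), "w") as fh:
        fh.write("root:x:0:0:root:/root:/bin/bash\nsvc:x:0:0::/root:/bin/sh\n"
                 "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
                 "backup:x:34:34:backup:/var/backups:/bin/bash\n"
                 "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n")
    with open(os.path.join(root, "tmp", "notes.txt"), "w") as fh:
        fh.write("ordinary data file, not executable\n")
    planted = os.path.join(root, "var", "tmp", ".cache")  # executable hidden in var/tmp
    open(planted, "w").close()
    os.chmod(planted, 0o755)
    return root
```

Running `flag_passwd(build_sample_image())` on the constructed tree reports the second UID-0 account and the backup account with a bash shell, while `executables_in_tmp` returns only the hidden file in var/tmp; point both at a real mount point such as /mnt/evidence to triage an image.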


Last updated 5 months ago