Linux Forensics dirs
Linux directories are organized in a hierarchical structure, starting from the root directory /. Each directory serves a specific purpose and is essential for the operating system's functionality. Her
1. / - Root Directory
Purpose: The top of the directory hierarchy.
Description: All files and directories in Linux are under the root directory. It contains critical subdirectories like /bin, /etc, and /home.
2. /bin - Binary Directory
Purpose: Contains essential user binaries (executables).
Description: This directory stores critical commands used by all users, such as ls, cp, mv, and cat. These are necessary for basic system operation.
3. /sbin - System Binaries
Purpose: Contains system administration binaries.
Description: Commands like ifconfig, iptables, and reboot reside here. These are primarily for the root user or administrators.
4. /etc - Configuration Files
Purpose: Stores system-wide configuration files.
Description: Contains settings for the system and applications, such as:
/etc/passwd: User account information.
/etc/fstab: Disk and filesystem configurations.
/etc/network: Network configuration files.
5. /dev - Device Files
Purpose: Contains device files representing hardware.
Description: Files like /dev/sda (disk) and /dev/tty (terminals) allow the OS to interact with hardware.
6. /proc - Process Information
Purpose: Virtual filesystem providing process and system info.
Description: Contains files like /proc/cpuinfo (CPU details) and /proc/meminfo (memory usage). It's dynamically generated by the kernel.
7. /sys - System Information
Purpose: Provides information about devices and drivers.
Description: Used for interacting with the kernel and managing devices. For example, /sys/class/net provides details about network interfaces.
8. /home - User Home Directories
Purpose: Stores personal files for each user.
Description: Each user gets a directory like /home/username. It contains user-specific configurations, documents, and downloads.
9. /root - Root User's Home Directory
Purpose: Home directory for the root user.
Description: This is separate from /home and is only accessible to the root user. Used for administrative tasks.
10. /var - Variable Data
Purpose: Stores variable files.
Description: Contains files that change frequently, such as:
/var/log: System logs.
/var/spool: Print or mail queues.
/var/cache: Cache data.
11. /tmp - Temporary Files
Purpose: Stores temporary files.
Description: Applications and processes use this directory to store temporary data, which is cleared upon reboot.
12. /usr - User Binaries and Libraries
Purpose: Stores user applications and their dependencies.
Description: Subdirectories include:
/usr/bin: Non-essential binaries (e.g., nano, vim).
/usr/lib: Libraries for user binaries.
/usr/share: Shared resources like icons and documentation.
13. /lib - System Libraries
Purpose: Contains essential shared libraries.
Description: Stores libraries needed for binaries in /bin and /sbin. For example:
/lib/modules: Kernel modules.
14. /media - Removable Media
Purpose: Mount point for removable drives.
Description: When you plug in a USB drive or insert a CD, it's often mounted here under a subdirectory like /media/usb.
15. /mnt - Temporary Mount
Purpose: Mount point for temporary filesystems.
Description: Used by administrators to manually mount filesystems for troubleshooting or temporary access.
16. /opt - Optional Software
Purpose: Stores optional or third-party software.
Description: Applications installed outside the package manager often reside here.
17. /srv - Service Data
Purpose: Contains data for services.
Description: Used by servers to store service-related data, such as web server files or FTP server data.
18. /boot - Boot Files
Purpose: Contains bootloader and kernel files.
Description: Includes:
vmlinuz: Compressed Linux kernel.
initrd: Initial RAM disk image.
grub: Bootloader configuration files.
19. /run - Runtime Data
Purpose: Temporary files required during system runtime.
Description: Stores information like PID files and sockets. Data is cleared on reboot.
20. /snap - Snap Packages
Purpose: Stores installed snap packages.
Description: Used by the Snap package management system to manage containerized applications.
21. /lost+found - Recovered Files
Purpose: Stores files recovered after filesystem errors.
Description: Created during disk repairs and typically found in the root of each filesystem.
22. /tmp vs /var/tmp
/tmp: Cleared on reboot. Used for temporary, short-lived files.
/var/tmp: Persistent temporary files. Not cleared on reboot.
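The /tmp versus /var/tmp distinction matters during triage because anything dropped in /var/tmp is still there after a restart. The following is an added example, not part of the original page: it walks the temporary directories named above on a mounted image and reports ELF or executable regular files, along with whether each location survives a reboot. The function names, the sample tree and its file names are constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Survives reboot? Values follow the page: /tmp and /run are cleared, /var/tmp is not.
TEMP_DIRS = {"tmp": False, "run": False, "var/tmp": True}
ELF_MAGIC = b"\x7fELF"


def triage_temp_dirs(image_root):
    """List ELF or executable regular files under the temp dirs of a mounted image."""
    root, findings = Path(image_root), []
    for rel, persistent in TEMP_DIRS.items():
        for dirpath, _dirs, files in os.walk(root / rel):
            for name in files:
                path = Path(dirpath) / name
                try:
                    st = path.lstat()
                    if not stat.S_ISREG(st.st_mode):
                        continue  # skip symlinks, sockets, FIFOs, device nodes
                    with open(path, "rb") as fh:
                        is_elf = fh.read(4) == ELF_MAGIC
                except OSError:
                    continue  # unreadable entry; a fuller tool would record this
                executable = bool(st.st_mode & 0o111)
                if is_elf or executable:
                    findings.append({
                        "path": "/" + path.relative_to(root).as_posix(),
                        "elf": is_elf,
                        "executable": executable,
                        "survives_reboot": persistent,
                    })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_image():
    """Create a constructed directory tree standing in for a mounted evidence image."""
    root = Path(tempfile.mkdtemp(prefix="sample_image_"))
    samples = [  # (relative path, content, mode) -- all constructed
        ("tmp/session.txt", b"scratch data\n", 0o644),
        ("tmp/helper", ELF_MAGIC + b"\x02\x01\x01", 0o644),
        ("var/tmp/update.sh", b"#!/bin/sh\necho hi\n", 0o755),
    ]
    for rel, content, mode in samples:
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
        target.chmod(mode)
    return root


if __name__ == "__main__":
    for finding in triage_temp_dirs(build_sample_image()):
        print(finding)
```

Point `triage_temp_dirs` at the mount point of a read-only image rather than a live root, so the walk does not change access times on the evidence.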