# Linux Forensics dirs

### **1. `/` - Root Directory**

* **Purpose:** The top of the directory hierarchy.
* **Description:** All files and directories in Linux are under the root directory. It contains critical subdirectories like `/bin`, `/etc`, and `/home`.

### **2. `/bin` - Binary Directory**

* **Purpose:** Contains essential user binaries (executables).
* **Description:** This directory stores critical commands used by all users, such as `ls`, `cp`, `mv`, and `cat`. These are necessary for basic system operation.

### **3. `/sbin` - System Binaries**

* **Purpose:** Contains system administration binaries.
* **Description:** Commands like `ifconfig`, `iptables`, and `reboot` reside here. These are primarily for the root user or administrators.

***

### **4. `/etc` - Configuration Files**

* **Purpose:** Stores system-wide configuration files.
* **Description:** Contains settings for the system and applications, such as:
  * `/etc/passwd`: User account information.
  * `/etc/fstab`: Disk and filesystem configurations.
  * `/etc/network`: Network configuration files.

***

### **5. `/dev` - Device Files**

* **Purpose:** Contains device files representing hardware.
* **Description:** Files like `/dev/sda` (disk) and `/dev/tty` (terminals) allow the OS to interact with hardware.

***

### **6. `/proc` - Process Information**

* **Purpose:** Virtual filesystem providing process and system info.
* **Description:** Contains files like `/proc/cpuinfo` (CPU details) and `/proc/meminfo` (memory usage). It's dynamically generated by the kernel.

***

### **7. `/sys` - System Information**

* **Purpose:** Provides information about devices and drivers.
* **Description:** Used for interacting with the kernel and managing devices. For example, `/sys/class/net` provides details about network interfaces.

***

### **8. `/home` - User Home Directories**

* **Purpose:** Stores personal files for each user.
* **Description:** Each user gets a directory like `/home/username`. It contains user-specific configurations, documents, and downloads.

***

### **9. `/root` - Root User's Home Directory**

* **Purpose:** Home directory for the root user.
* **Description:** This is separate from `/home` and is only accessible to the root user. Used for administrative tasks.

***

### **10. `/var` - Variable Data**

* **Purpose:** Stores variable files.
* **Description:** Contains files that change frequently, such as:
  * `/var/log`: System logs.
  * `/var/spool`: Print or mail queues.
  * `/var/cache`: Cache data.

***

### **11. `/tmp` - Temporary Files**

* **Purpose:** Stores temporary files.
* **Description:** Applications and processes use this directory to store temporary data, which is cleared upon reboot.

***

### **12. `/usr` - User Binaries and Libraries**

* **Purpose:** Stores user applications and their dependencies.
* **Description:** Subdirectories include:
  * `/usr/bin`: Non-essential binaries (e.g., `nano`, `vim`).
  * `/usr/lib`: Libraries for user binaries.
  * `/usr/share`: Shared resources like icons and documentation.

***

### **13. `/lib` - System Libraries**

* **Purpose:** Contains essential shared libraries.
* **Description:** Stores libraries needed for binaries in `/bin` and `/sbin`. For example:
  * `/lib/modules`: Kernel modules.

***

### **14. `/media` - Removable Media**

* **Purpose:** Mount point for removable drives.
* **Description:** When you plug in a USB drive or insert a CD, it's often mounted here under a subdirectory like `/media/usb`.

***

### **15. `/mnt` - Temporary Mount**

* **Purpose:** Mount point for temporary filesystems.
* **Description:** Used by administrators to manually mount filesystems for troubleshooting or temporary access.

***

### **16. `/opt` - Optional Software**

* **Purpose:** Stores optional or third-party software.
* **Description:** Applications installed outside the package manager often reside here.

***

### **17. `/srv` - Service Data**

* **Purpose:** Contains data for services.
* **Description:** Used by servers to store service-related data, such as web server files or FTP server data.

***

### **18. `/boot` - Boot Files**

* **Purpose:** Contains bootloader and kernel files.
* **Description:** Includes:
  * `vmlinuz`: Compressed Linux kernel.
  * `initrd`: Initial RAM disk image.
  * `grub`: Bootloader configuration files.

***

### **19. `/run` - Runtime Data**

* **Purpose:** Temporary files required during system runtime.
* **Description:** Stores information like PID files and sockets. Data is cleared on reboot.

***

### **20. `/snap` - Snap Packages**

* **Purpose:** Stores installed snap packages.
* **Description:** Used by the Snap package management system to manage containerized applications.

***

### **21. `/lost+found` - Recovered Files**

* **Purpose:** Stores files recovered after filesystem errors.
* **Description:** Created during disk repairs and typically found in the root of each filesystem.

***

### **22. `/tmp` vs `/var/tmp`**

* `/tmp`: Cleared on reboot. Used for temporary, short-lived files.
* `/var/tmp`: Persistent temporary files. Not cleared on reboot.
