System log

The messages log, located at /var/log/messages, contains the system log. This includes startup messages, kernel messages and application messages. It is a valuable tool in forensic analysis because it can provide information about the sequence of events.

The file is plain text and can be viewed with the cat command.

Startup messages: These messages are generated when the system starts up. They can provide information about the hardware and software that is loaded, as well as any errors that occur during startup.

Kernel messages: These messages are generated by the Linux kernel. They can provide information about kernel events, such as hardware interrupts, process creation, and file access.

Application messages: These messages are generated by applications. They can provide information about application events, such as errors, warnings, and status messages.
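
An added example, not part of the original page: Python code that parses lines in the traditional syslog layout ("Mon DD HH:MM:SS host tag[pid]: message"), labels each as a kernel or application message, and numbers boots by the kernel's "Linux version" banner so startup messages can be placed in the sequence of events. It assumes the file uses that layout; the sample lines, host name and year are constructed, and the year must be supplied because the timestamp does not carry one.

```python
import re
from datetime import datetime

# Traditional syslog line: "Mon DD HH:MM:SS host tag[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# Constructed sample lines, not taken from a real system.
SAMPLE = """\
Mar  3 09:14:01 web01 kernel: Linux version 5.14.0 (constructed sample)
Mar  3 09:14:07 web01 systemd[1]: Started OpenSSH server daemon.
Mar  3 09:20:15 web01 sshd[1412]: error: constructed application error
this line does not follow the format
Mar  3 11:02:44 web01 kernel: Linux version 5.14.0 (constructed sample)
Mar  3 11:02:50 web01 crond[801]: (CRON) INFO (running with inotify support)
"""

def parse_line(line, year):
    """Return a dict for one syslog line, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # The timestamp carries no year, so the analyst has to supply it.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    source = "kernel" if m["tag"] == "kernel" else "application"
    return {"time": ts, "host": m["host"], "tag": m["tag"],
            "pid": m["pid"], "source": source, "msg": m["msg"]}

def build_timeline(text, year):
    """Parse lines in file order, number each boot, keep unparsed lines."""
    events, unparsed, boot = [], [], 0
    for line in text.splitlines():
        ev = parse_line(line, year)
        if ev is None:
            unparsed.append(line)  # keep for manual review, never drop
            continue
        # The kernel's "Linux version" banner marks the start of a boot.
        if ev["source"] == "kernel" and ev["msg"].startswith("Linux version"):
            boot += 1
        ev["boot"] = boot
        events.append(ev)
    return events, unparsed

if __name__ == "__main__":
    events, unparsed = build_timeline(SAMPLE, 2024)
    for e in events:
        print(e["boot"], e["time"].isoformat(), e["source"], e["tag"], e["msg"])
```

Lines that do not match the layout are returned separately rather than discarded, since truncated or malformed entries can themselves be relevant to an investigation.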