Reading assignment

Unix/Linux, learning what is where

What kind of state is available?

Live system tool derived state

"Shopping List" for volatile information

Date/time information

Memory acquisition

System identification

In the Unix/Linux environment, you can use hostname, whoami, uname -a, and possibly cat /etc/SOMEFILE (SOMEFILE depending on the operating system — for instance, in Redhat, it would be redhat-release. Another candidate is the previously mentioned uptime. MF suggests both tools from CTC and from Helix. You can also write a simple "profiler" in Python or Perl to collect volatile information from the /proc and /sys pseudo-files. Also, you might want to just copy everything from the /etc/ and /usr/local directories — these are considered to embody the "personality" of a Linux/Unix system. You might also consider copy /root since it is not uncommon to find important configuration and setup information in that directory.

Who is using the system? Login sessions.

Who is using the system? Open files.

What else might be scheduled?

NFS and sshfs

Network connectivity

Keyboard history