Please read chapter 2 of MF, pp. 93-120.

Unix/Linux, learning what is where

What kind of state is available?

Live system tool derived state

"Shopping List" for volatile information

Date/time information

Memory acquisition

System identification

In the Unix/Linux environment, you can use hostname, whoami, uname -a, and possibly cat /etc/SOMEFILE (SOMEFILE depends on the operating system; for instance, in Red Hat, it would be redhat-release). Another candidate is the previously mentioned uptime. MF suggests tools from both CTC and Helix. You can also write a simple "profiler" in Perl to collect volatile information from the /proc pseudo-files. Also, you might want to just copy everything from the /etc/ and /usr/local directories; these are considered to embody the "personality" of a Linux/Unix system.
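
The collection described above, as an added shell example (not code from MF, CTC or Helix; a shell version of the "profiler" idea rather than the Perl one). It saves each command's output with a UTC timestamp and writes a SHA-256 manifest. The function names, output layout and choice of /proc files are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Assumptions: the output directory is on trusted external
# media and the binaries found on PATH are trusted ones.

# Use whichever SHA-256 tool is present on the system.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    elif command -v shasum >/dev/null 2>&1; then shasum -a 256 "$1"
    else echo "NO-SHA256-TOOL  $1"; fi
}

# run_and_log LABEL CMD [ARGS...]: write the command line, a UTC timestamp
# and the command's output (or its failure status) to $OUT/LABEL.txt.
run_and_log() {
    label=$1; shift
    {
        echo "# command: $*"
        echo "# utc: $(date -u '+%Y-%m-%dT%H:%M:%SZ')"
        "$@" 2>&1 || echo "# exit status: $?"
    } > "$OUT/$label.txt"
}

# collect_sysid DIR: gather system-identification state into DIR.
collect_sysid() {
    OUT=$1
    mkdir -p "$OUT" || return 1
    run_and_log hostname hostname
    run_and_log whoami whoami
    run_and_log uname uname -a
    run_and_log uptime uptime
    # The release file name depends on the distribution (e.g. redhat-release).
    for f in /etc/*release /etc/*version; do
        if [ -f "$f" ]; then run_and_log "etc_$(basename "$f")" cat "$f"; fi
    done
    # A few /proc pseudo-files; absent on non-Linux systems, so test first.
    for p in version cmdline uptime meminfo cpuinfo; do
        if [ -r "/proc/$p" ]; then run_and_log "proc_$p" cat "/proc/$p"; fi
    done
    # Hash every collected file so later copies can be verified.
    ( cd "$OUT" && for f in *.txt; do hash_file "$f"; done > MANIFEST.sha256 )
}

# Usage: sh sysid.sh /mnt/evidence/case01   (path is a placeholder)
if [ "$#" -gt 0 ]; then collect_sysid "$1"; fi
```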

Who is using the system? Login sessions.

Who is using the system? Open files.

What else might be scheduled?

NFS and sshfs

Network connectivity

Keyboard history