Data that is stored permanently

Data that is lost when power is turned off

Data stored in log files

Data accessible only by the root user

To measure system storage capacity

To determine the amount of time a system has been online

To analyze user activity

To locate root directories

It provides details on system uptime

It contains system and configuration data critical for investigations

It logs user activity

It encrypts all user data

hostname

ls -a

cat /etc/hostname

sudo root

/usr/logs

/etc/logs

/var/log

/home/log

/var/log/login

/var/log/syslog

/var/log/auth.log

/etc/hosts

To encrypt files

To identify file types based on header data

To recover lost files

To analyze network activity