Question
Log analysis from the endpoint side can be in the form of event logs from the operating system, logs from the application, logs from the database, and others. When an investigator investigates a security incident, the most frequently asked questions are whether the log is still available and what logs can be obtained from the system. From the log files in general, an investigator will see an overview of the timeline of activities and events that occurred on the endpoint side during the incident. Digital forensic investigators will look at activities before a security incident happens to see which activities involve the threat actor and then collect the evidence.

Assume that you are a digital forensic engineer and you have been called to perform a forensic study regarding the recent privilege escalation attacks on one of the company's servers. Assume that all servers are running Linux. Based on the case study given above, investigate the following: (10 Marks)

a) User account information (hint: you can use the /etc/passwd and /etc/shadow files of your Linux server to check for suspicious user accounts)
b) The IP address from which they were sent (hint: you can use /var/log of your Linux server to check suspicious login attempts)
c) Time and date of the activity (hint: you can use /var/log of your Linux server to check suspicious login attempts)
d) Check escalated privilege if there is any (hint: you can use /etc/sudoers to conduct an analysis of whether there are modified files and user permissions)
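A small triage script for items a) to d), added here as an illustration and not part of the question or of any posted answer. The /etc/passwd, auth.log and sudoers samples are constructed; the hostname srv01, the address 203.0.113.45 and the user names are placeholders.

```python
import re

# Constructed samples standing in for /etc/passwd, /var/log/auth.log and /etc/sudoers.
PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup2:x:0:0::/tmp:/bin/bash
"""
AUTH_LOG = """Mar  3 02:14:07 srv01 sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar  3 02:15:31 srv01 sshd[2230]: Accepted password for alice from 203.0.113.45 port 51101 ssh2
Mar  3 02:16:02 srv01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/visudo
"""
SUDOERS = """root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
"""

# syslog-style timestamp, host, then the sshd or sudo message body
SSH_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Accepted|Failed) \w+ for (?:invalid user )?(\S+) from (\S+)")
SUDO_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sudo:\s+(\S+) : .*USER=(\S+) ; COMMAND=(.*)$")

def uid0_accounts(passwd):
    """a) Accounts with UID 0 other than root: each one is a root-equivalent login."""
    found = []
    for line in passwd.splitlines():
        f = line.split(":")
        if len(f) >= 7 and f[2] == "0" and f[0] != "root":
            found.append(f[0])
    return found

def ssh_logins(log):
    """b) and c): (timestamp, result, user, source ip) for every sshd Accepted/Failed line."""
    return [m.groups() for m in map(SSH_RE.match, log.splitlines()) if m]

def sudo_commands(log):
    """d) (timestamp, invoking user, target user, command) for each sudo use in the log."""
    return [m.groups() for m in map(SUDO_RE.match, log.splitlines()) if m]

def risky_sudoers(sudoers):
    """d) Named users (not root, not %groups) granted ALL or NOPASSWD in sudoers."""
    risky = []
    for line in sudoers.splitlines():
        line = line.strip()
        if not line or line[0] in "#%" or line.startswith("Defaults"):
            continue
        user = line.split()[0]
        if user != "root" and ("NOPASSWD" in line or line.endswith(" ALL")):
            risky.append(user)
    return risky

if __name__ == "__main__":
    print("UID 0 accounts besides root:", uid0_accounts(PASSWD))
    for ts, result, user, ip in ssh_logins(AUTH_LOG):
        print(ts, result, "login for", user, "from", ip)
    for ts, who, target, cmd in sudo_commands(AUTH_LOG):
        print(ts, who, "ran as", target, ":", cmd)
    print("Risky sudoers entries:", risky_sudoers(SUDOERS))
```

On a live system, read the real files in place of the constructed strings and correlate the sudo timestamps with the accepted logins to build the timeline the question asks for.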