Interesting Linux Forensics site

Jun 15th, 2004

Category: Forensics

I came across an interesting site called It’s a good resource dedicated to the use of Linux in computer forensics.
Whilst in general I like the idea of using Linux in a lot of places, it’ll have an uphill struggle in this area, I think, up against the likes of EnCase. One reason for this is that, at least in the UK, EnCase is recognised by the police and the courts as being a reliable forensic tool, the evidence from which can be admissible in court. So it would be a brave forensic investigator who used something else, which he would doubtless have more trouble justifying in court.
That said, not every forensic analysis ends up in court, and EnCase is a tad on the pricey side…


  1. Rory A June 21, 2004 at 9:43 am

    Although, standard *nix tools such as dd are in use and approved by such bodies as the FBI:
    And tools like tct still have wide acceptance, so it may not be that hard a push. Of course, what we really need is a cross between tct and EnCase vetted by law enforcement agencies.

