Interesting Linux Forensics site

Jun 15th, 2004

Comments: 1
Category: Forensics

I came across an interesting site called Linux-Forensics.com. It's a good resource dedicated to the use of Linux in computer forensics.
Whilst in general I like the idea of using Linux in a lot of places, it'll have an uphill struggle in this area, I think, up against the likes of EnCase. One reason for this is that, at least in the UK, EnCase is recognised by the police and the courts as being a reliable forensic tool, the evidence from which can be admissible in court. So it would be a brave forensic investigator who used something else, which he would doubtless have more trouble justifying in court.
That said, not every forensic analysis ends up in court, and EnCase is a tad on the pricey side…

DISCUSSION 1 Comments

  1. Rory A June 21, 2004 at 9:43 am

    Although, standard *nix tools such as dd are in use and approved by such bodies as the FBI:
    http://homepage.cs.uri.edu/courses/hpr108b/readings/MD5_case.html
    And tools like tct still have wide acceptance, so it may not be that hard a push. Of course, what we really need is a cross between tct and EnCase vetted by law enforcement agencies.
