June 15, 2004

Interesting Linux Forensics site

I came across an interesting site called Linux-Forensics.com. It's a good resource dedicated to the use of Linux in computer forensics.

Whilst in general I like the idea of using Linux in a lot of places, it'll have an uphill struggle in this area, I think, up against the likes of EnCase. One reason for this is that, at least in the UK, EnCase is recognised by the police and the courts as being a reliable forensic tool, the evidence from which can be admissible in court. So it would be a brave forensic investigator who used something else, which he would doubtless have more trouble justifying in court.

That said, not every forensic analysis ends up in court, and EnCase is a tad on the pricey side...

Posted by rorym at June 15, 2004 8:28 PM
Comments

Although, standard *nix tools such as dd are in use and approved by such bodies as the FBI:

http://homepage.cs.uri.edu/courses/hpr108b/readings/MD5_case.html

And tools like tct still have wide acceptance, so it may not be that hard a push. Of course, what we really need is a cross between tct and EnCase vetted by law enforcement agencies.

Posted by: Rory A at June 21, 2004 9:43 AM