The New 2.6 Linux Kernel
In December of 2003, the Linux 2.6 kernel was released. While this is another milestone in the Linux saga, it would be wise to stay with the 2.4 kernel until tests are done on changes that affect our work.
Many of the changes in 2.6 are geared toward enterprise use and scalability. The new kernel release also has a number of infrastructure changes that could have a huge impact on Linux as a forensic platform. For example, there is enhanced support for USB and a myriad of other external devices. The kernel module and entire device sub-systems have been changed and improved, making them more robust. And we will soon have access to “user mode” Linux that could provide a whole new environment for us to work in.
As with all forensic tools, we need to have a clear view of how the new kernel will interact with our forensic platforms and subject hardware. This will take some time.