X. Advanced Forensic Tools
So now you have some experience with using the Linux command line and the powerful tools that are provided with a Linux installation. However, as forensic examiners, we soon come to find out that time is a valuable commodity. While learning to use the command line tools native to a Linux install is useful for a myriad of tasks in the “real world”, it can also be tedious. After all, there are Windows based tools out there that allow you to do much of what we have discussed here in a simple point and click GUI. Well, the same can be said for Linux.
The popularity of Linux is growing at a fantastic rate. Not only do we see it in an enterprise environment and in big media, but we are also starting to see its widening use in the field of computer forensics. In recent years we’ve seen the list of available forensic tools for Linux grow with the rest of the industry.
In this section we will cover a number of forensic tools available to make your analysis easier and more efficient. We will cover both free tools and commercial tools.
AUTHOR’S NOTE: Inclusion of tools and packages in this section in no way constitutes an endorsement of those tools. Please test them yourself to ensure that they meet your needs. The tools here were chosen because it was suggested by a large number of readers of the original Introduction document that I provide information on forensic packages for Linux.
Since this is a Linux document, I am covering available Linux tools. This does not mean that the common tools available for other platforms cannot be used to accomplish many of the same results. On a personal note, I do maintain that analysis of a Unix system is best accomplished with a Unix (like) toolset.