Title
Introduction
Forensics and Linux
Forensics Subtitle
Forensics
Forensic Examinations
Cyber-Forensics
vs Incident Recovery
When Why and Who
Players
Law Enforcement
Reporting
Preserving Evidence
Forensic Data
Documentation
Admissibility
Chain of Evidence
Refutability
Forensics Checklist
Linux Subtitle
Linux in Forensics
Forensic Tools on Linux
Command Line Tools
Bootable Business Cards
Choosing BBC
FIRE
Penguin
Booting from CD
Disk Drives
Drive Collection
Imaging Drives
The Coroners Toolkit
TASK
Autopsy
Network Evidence
Linux Checklist
Examination SubTitle
Forensic Examinations on Linux
Pre-Incident Preparations
Prepartions to Examiniation
Initial Action
Types of Data
Data on Disk
Magic SysRq D
Magic SysRq S-U-B
Pulling the Net
Shutting Down
Pulling the Plug
Suspend to Swap
Live Systems
The Persistence of Data
Examination Checklist
Summary Subtitle
Linux and Forensics
Will You Need This
Conclusion
More Information
Closing Title
Author: Michael H. Warfield
E-mail: mhw@wittsend.com
Homepage: http://www.wittsend.com/mhw