Forensic Tools on Linux

• Basic unix command line tools

  • Been around for years
  • md5sum, sum, shash, lsof, grep, dd, cpio, etc

• Specialized recovery applications

  • Undeleting files
  • Repairing Partitions and Disks - fsck, gpart, sfdisk
  • File / Disk imaging tools

• Bootable Business Cards (BBC) / Bootable CDs

• The Coroner's ToolKit

• Task & Autopsy

• A few commercial packages

  • Smart (from Asrdata - $2,000 for Linux)

Notes: