Conclusion

Facing a forensic investigation is bad news for all parties envolved.
There are inherent tensions between efforts to recover systems and efforts to preserve evidence.
With preparation, conflicts can be minimized.
With proper preparation, the impact of a forensic investigation on system recovery can be minimal.
Linux is a powerful tool in the forensic investigators tool bag.
Linux can be examined intelligently, verifiably, and reliably for forensic information.

Facing a forensic investigation is bad news for all parties envolved.