Using Linux For Forensics

Discussion in 'General Linux' started by scotty, Apr 13, 2012.

  1. scotty

    scotty New Member

    I am a forensics expert by trade, and I was wondering if anyone else tinkers in forensics in the Linux environment. It is extremely powerful for retrieving data from Windows machines, and I wondered if anyone had some techniques to share?

  2. Akendo

    Akendo New Member

    This is a very difficult topic. Of course Linux is very powerful for this job.
    "Forensics" is a very broad area, but there are some great tools out there. For example, to restore deleted files I can recommend testdisk.

    But what exactly do you want to cover?

    Take a look at this link; it contains quite a good overview of great tools.

    so far
    akendo
  3. scotty

    scotty New Member

    I have done multiple things in Linux. I use the Autopsy forensic suite; what I was asking is if anyone else uses Linux for their forensics rather than, say, EnCase or FTK.

    I use Linux in all stages of forensics investigation. I make a copy of the drive, and then examine it using grep, string, to name but a few.

    I guess not many people are into forensics really.
  4. ReMiXeDg

    ReMiXeDg New Member

    This earth is packed with people; I wouldn't think not too many people are into this, meaning a lot of people do forensics. Also yes, Linux is very powerful; it can only help in so many ways:

