
Open Source Forensics.

March 24th, 2014, 6:58

I was listening to the Cyberjungle and was reminded about the free, open source The Sleuth Kit and Autopsy. I guess you guys in Forensics already know about it, but I know some shops just have some tools and buy products like EnCase, and may not "get out" enough to see if there is anything else useful...

The Sleuth Kit

The Sleuth Kit® (TSK) is a library and collection of command line tools that allow you to investigate disk images. The core functionality of TSK allows you to analyze volume and file system data. The plug-in framework allows you to incorporate additional modules to analyze file contents and build automated systems. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.


Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer.


As always there are some other things peripheral to the pages to check out.

Re: Open Source Forensics.

March 24th, 2014, 15:54

Eeeh nostalgia TSK / Autopsy =)

Other distros also worth a look:

Sift http://digital-forensics.sans.org/community/downloads
Deft http://www.deftlinux.net/ (site also contains a Windows live response, Win-UFO)
and
Caine http://www.caine-live.net/

Kali more leaning towards pentest but still a useful distro.

Usual DIY'er warnings:
Not forgetting "Forensic" is in compliance with the law; DIY'er sysadmins messing with a "suspect" PC could actually render it inadmissible and themselves liable to prosecution. Always check your country/state laws.

iirc, some parts of the US were pushing for all computer investigators to have PI licensing.

K