Forensic Cop Journal 2(1): Ubuntu Forensic
Dec 02, 2009, 20:02 (0 Talkback[s])
"One essential reason why the author frequently uses Ubuntu for
digital forensic purposes such as forensic imaging is forensically
sound write protect. It is compulsory for every digital forensic
analyst to apply it when dealing with the storage drive evidence.
It is aimed not to change the contents of drive either incidentally
or deliberately. Once the contents is changed, so the next actions
of digital forensic become doubt or even refused by the court,
unless digital forensic analyst can explain comprehensively why
(i.e. the relevance) it is changed and what the implications of
that action. It is usually performed on live analysis with strict
procedures. On dead analysis (i.e. post mortem) the analyst is
still required to keep the contents of hard drive not changed. To
reach this purpose, Ubuntu can be modified in order to give
forensically sound write protect."
Complete Story
Related Stories:
- Computer Aided Investigative Environment 1.0 released(Nov 02, 2009)
- Feds Need 10,000 Cyber Security Experts(Jun 08, 2009)
- Using TCT To Recover Lost Data On Linux Or Unix - Part Two(May 21, 2009)
- Recovering Lost Data On Linux Or Unix Using The Coroner's Toolkit (TCT)(May 19, 2009)
- Hey, Don't Dump. Debug!(May 01, 2009)
- Five Essential Computer Forensics Tools(Dec 09, 2008)
- Recover Deleted Files With Foremost, Scalpel in Ubuntu(Oct 20, 2008)
- Undeleted: Carving Tools Help You Recover Deleted Files(Jul 24, 2008)
