Title
Introduction
Forensics and Linux
Forensics
What is a Forensic Examination
Incident Recovery
When Why and Who
Law Enforcement
Preserving Evidence 1
Documentation
Chain of Evidence
Refutability
Will You Need This
Linux in Forensics
Forensic Tools on Linux
Command Line Tools
Bootable Business Cards
The Coroners Toolkit
TASK
Autopsy
The Persistence of Data
Forensic Examinations on Linux
Pre-Incident Preparations
Prepartions to Examiniation
Initial Action
Types of Data
Data on Disk
Magic SysRq D
Magic SysRq S-U-B
Pulling the Net
Shutting Down
Pulling the Plug
Suspend to Swap
Preserving Evidence 2
Disk Drives
Imaging Drives
Network Evidence
Live Systems
Examination
Linux and Forensics
Conclusion
Closing Title
Author: Michael H. Warfield
E-mail: mhw@wittsend.com
Homepage: http://www.wittsend.com/mhw/