Some notions of doing forensics under Unix

• Benefits and deficits of Unix as a platform

  • Handles many disk formats from many platforms
  • Independent of the original OS (except for Unix)
  • Can do ‘read only’ (something other OSs only imagine)
  • Allows rapid, easy programming for analysis tasks

• The mixed platform approach

  • I don’t just use Unix!!! (hard to believe isn’t it?)
  • Mix Unix with the platform of the disk under analysis
  • Sometimes it is far more efficient to look at power point slides using power point!

Previous slide

Next slide

Back to first slide

View graphic version