Barry,

Great read!

Remember...many of the tools I've written run on Perl, regardless of the underlying OS...

H  

- bgrundy

The newer version is updated for Slackware and TSK/Autopsy 2.x. If you want 2.55, pm me and I'll send it to you. I'm also working an a complete re-write to be released in a couple of months.

Cool, will look forward to that

Are we going to see v3 of your guide updated for Gentoo

KP seriously seriously consider Barry's recommendation. There's an abundance of live linux cds which are also ideal for assisting you on your journey. Including some suitable for forensics CD. Take a peek at the Forensic Boot CD www.forensicbootcd.com it is not quite free but if you have some spare cash then it would be money well spent.  

I appreciate the kind words. As soon as I get 2.55 on the ftp site, I'll let everyone know here. At the very least, the formatting is *much* better and more readable (command outputs), along with the updated TSK stuff.

Harlan: I keep your tools close at hand. One of these days I'll get time to test more completely on Slackware and provide the feedback you are always asking for (and rightly so).

echo6: You know I love Gentoo. But I'm stuck on Slack for forensics. Just try and teach a week long class that starts with a Gentoo install,

Okay everyone, once you start "emerge -vuD --newuse world" and get through "etc-update", we'll take a break...be back in the classroom day after tomorrow at 1600"

 

[quote="echo6"]

- bgrundy

KP seriously seriously consider Barry's recommendation. There's an abundance of live linux cds which are also ideal for assisting you on your journey. Including some suitable for forensics CD. Take a peek at the Forensic Boot CD www.forensicbootcd.com it is not quite free but if you have some spare cash then it would be money well spent.

I'm downloading Slackware even as we speak. I'll take a look at foresicbootcd as well. I'm quite intrigued by the various things Linux offers, so I'll definitely be having a long look at it.
KP  

- bgrundy

Just try and teach a week long class that starts with a Gentoo install

LOL

- KPryor

I'm downloading Slackware even as we speak.

Joking aside, Slackware is a no frills Linux distro very suitable for forensics. In use by forensicbootcd and SMART Linux www.asrdata.com

Linux has a steep learning curve, so please perservere. By understanding Linux you may be pleasently surprised how much you can gain knowledge of other Operating System.

I would also recommend you read "Next Generation Data Forensics & Linux" www.crazytrain.com/mon..._Linux.pdf
and "Building a Super Kernel for Data Forensics" www.crazytrain.com/mon...oy/FSK.pdf Although a bit dated ! they are still relevant. Who knows perhaps we can poke Thomas into updating these papers. Although I doubt we will get him to include any mention of Gentoo in there  

Thanks Echo! I've worked with CentOS linux in the past, but would not consider myself proficient. I use Knoppix fairly often these days, so I have some foundation, but I figure using Slackware is going to be an eye opener.

I'll download those pdf's and have a look at them. Thanks!
KP  

If you are looking at linux distributions I think you will find that Helix has better tool organization. Plus some of the utilities have some nice add-on features.
Plus, there is a beginners manual that is put together quite well. www.e-fense.com/helix/...ix0307.pdf at
www.e-fense.com/helix/

Oh! It governed by a GPL -- it's free.
_________________
Give a man a fish and he can eat today. Teach the man how to fish and he will be able to eat his whole life.