Case for live linux forensics

(@bsg819)
Active Member
Joined: 14 years ago
Posts: 19
Topic starter  

Hello,

I am doing a project on forensic analysis of a live linux machine.

http://www.symantec.com/connect/articles/forensic-analysis-live-linux-system-pt-1

I am using the above-mentioned article, but the thing is, I am told by my professor to present the project as a case, so I need a story or a dummy case so that I can show that scenario and use the analysis commands accordingly.

Thanks in advance.


Chris_Ed
(@chris_ed)
Reputable Member
Joined: 16 years ago
Posts: 314
 

You need a fake case? Take your pick.

1. You have intelligence that the suspect is downloading illicit material. You enter his house to find he has what looks like a Linux PC, still running.

2. You think a business may be conducting fraudulent trading. You arrive at the premises to find a single linux server.

3. You discover a website which contains naughty items is hosted five miles away from your office. The ISP is happy to help, but they would prefer it if you didn't unplug the server, as it is also hosting 49 legitimate sites.

4. Steve Ballmer becomes president of the USA. He orders the immediate arrest of Linus Torvalds. You are present at the raid.

5. You have intelligence that the suspect is a member of a hacker ring. You arrive in his concrete bunker to find he has strapped himself to 12 tons of plastic explosive. He orders you to perform a live acquisition on his main Linux box or he will detonate.

6. You take a trip to a wonderful island. The island is populated with genetically-bred dinosaurs. Sadly, while you are there, the sysadmin sabotages the system and all hell breaks loose. Your only chance is to examine the mainframe and repair the damage. You sit at the console, only to realise it's Linux. You breathlessly utter "It's a Unix system... I know this".


(@bsg819)
Active Member
Joined: 14 years ago
Posts: 19
Topic starter  

Man!! Your stories are awesome :D, especially the last one... I would include the hacker ring's story...

Also, can you help me with any articles or commands which I should refer to or use while performing live forensics? The suspect's machine will be BackTrack 5.


(@patrick4n6)
Honorable Member
Joined: 16 years ago
Posts: 650
 

You need a fake case? Take your pick.

The geeks started laughing at 4. The rest probably started laughing at 6. Well done.


(@randomaccess)
Reputable Member
Joined: 14 years ago
Posts: 385
 

I found a tonne of useful links by googling "backtrack forensics".

The good thing is BackTrack has a lot of standard Linux tools. As a result, you could image RAM and take an image of the hard drive using the tools on the OS.

Other than that, I don't really know what you'd lose by turning off a Linux box.


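As an added example for the acquisition the reply above describes (this is not code from the thread or from the Symantec article), the shell script below collects the volatile data that is gone once the power is cut (clock, logged-in users, processes, sockets, loaded modules, mounts) in order of volatility, then images a device with dd, hashing every artefact as it is written so the log doubles as a chain-of-custody record. The output paths, case name and the /mnt/usb mount are assumptions. The standard Linux tools it calls (date, who, ps, ss, lsmod, ip, dd, sha256sum) are the ones a BackTrack box ships with; tools that are missing are logged as skipped rather than aborting. Reading /dev/mem is usually blocked on modern kernels, so RAM is normally taken with a kernel module such as LiME or with AVML instead; that step is only sketched in the usage comment.

```shell
#!/bin/sh
# Added example, not from the thread: minimal live acquisition on a running
# Linux box, most volatile data first, every artefact hashed as it is saved.
# Assumptions: run as root from a trusted toolkit (e.g. a read-only USB
# stick placed first in PATH) so the suspect's own binaries are not trusted,
# and OUTDIR is on that external media, never on the suspect's disk.

set -u

# Create the case directory and open the log, recording when we started and
# which binaries (PATH) the report's commands came from.
acq_setup() {
    OUTDIR="$1"
    mkdir -p "$OUTDIR"
    LOG="$OUTDIR/acquisition.log"
    {
        echo "acquisition started: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "examiner PATH: $PATH"
        echo "hostname: $(hostname 2>/dev/null || echo unknown)"
    } >> "$LOG"
}

# Run one command, save its output under $name.txt, and log its exit status
# and SHA-256. A tool that is not installed is logged as SKIPPED.
acq_run() {
    name="$1"; shift
    out="$OUTDIR/$name.txt"
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "$name: SKIPPED ($1 not found)" >> "$LOG"
        return 0
    fi
    rc=0
    "$@" > "$out" 2>&1 || rc=$?
    echo "$name: rc=$rc sha256=$(sha256sum "$out" | cut -d' ' -f1)" >> "$LOG"
    return 0
}

# Volatile data, most volatile first (the order-of-volatility idea from
# RFC 3227). ss and netstat are both tried since BackTrack may have either.
acq_volatile() {
    acq_run date        date -u
    acq_run uptime      uptime
    acq_run who         who -a
    acq_run processes   ps -eo pid,ppid,user,lstart,cmd
    acq_run sockets     ss -tulpan
    acq_run sockets_old netstat -tulpan
    acq_run modules     lsmod
    acq_run mounts      cat /proc/mounts
    acq_run routes      ip route
    acq_run arp         ip neigh
}

# Bit-for-bit image of a block device (or any file, for testing) with dd.
# The source is read once: the stream is written to the image and hashed at
# the same time, then the image file is re-hashed, so a mismatch means the
# write itself was bad. (Re-reading a live disk to hash it would never match
# because the filesystem keeps changing underneath.) conv=noerror,sync keeps
# going past unreadable sectors and zero-pads them, so the image is padded
# up to a multiple of bs; the log records this for the report.
acq_image() {
    src="$1"; dst="$2"
    streamhash=$(dd if="$src" bs=4M conv=noerror,sync 2>>"$LOG" \
                 | tee "$dst" | sha256sum | cut -d' ' -f1)
    imghash=$(sha256sum "$dst" | cut -d' ' -f1)
    echo "image $src -> $dst (bs=4M conv=noerror,sync)" \
         "stream_sha256=$streamhash img_sha256=$imghash" >> "$LOG"
    [ "$streamhash" = "$imghash" ]
}

# Typical invocation on the suspect box (paths are assumptions):
#   acq_setup /mnt/usb/case001
#   acq_volatile
#   acq_image /dev/sda /mnt/usb/case001/sda.raw
# RAM: insmod lime.ko "path=/mnt/usb/case001/mem.lime format=lime" (LiME),
# or avml /mnt/usb/case001/mem.lime, rather than reading /dev/mem.
```

Hash your own toolkit before the job (sha256sum of every binary on the stick) and keep that list with the log; if the box is rootkitted, the ps, lsmod and ss output from the suspect's PATH cannot be trusted, which is why the script records which PATH it ran with. Note also that the image of a live disk is a snapshot of a moving target, so the stream hash proves the copy matched what was read, not that the disk still looks like that.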