Hi All,
A little bit of advice please…
I'm thinking about using a Linux platform as a forensics machine and wondered if anyone could recommend any useful (free/open source) tools for, amongst other things, disk imaging, file reporting and mobile phone forensic tools. Any general advice on which distros would be best from a performance perspective would also be great.
I will also need to find or create some kind of application to create catalogues of images and sequences of stills from movie files. I know this should be relatively easy to achieve because some web sites already do this kind of image aggregation. In the event that no applications exist to carry out this kind of task would anyone be interested in working on one (command line-based would be best for me as I have limited GUI skills).
Thanks in advance - and best wishes for the holiday season :)
Neil
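The catalogue-of-stills tool asked for above can be done from the command line with ffmpeg plus a little POSIX shell. The script below is an added example, not something posted in this thread: it assumes ffmpeg is installed (its `fps`, `scale` and `tile` video filters do the frame sampling and the tiled overview), and the HTML catalogue builder only needs `sha256sum`, so it also works on a directory of stills produced any other way. File and function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread): extract stills from a movie file with
# ffmpeg, build a tiled contact sheet, and write a plain HTML catalogue of the
# stills with their SHA-256 so the catalogue doubles as an integrity record.

# extract_stills MOVIE OUTDIR [SECONDS]
# Saves one JPEG every SECONDS seconds (default 10) as OUTDIR/still_NNNN.jpg.
extract_stills() {
    movie=$1; outdir=$2; every=${3:-10}
    mkdir -p "$outdir"
    ffmpeg -loglevel error -i "$movie" -vf "fps=1/$every" -q:v 2 \
        "$outdir/still_%04d.jpg"
}

# contact_sheet MOVIE OUTPATTERN [SECONDS] [COLSxROWS]
# Tiled overview images: one frame every SECONDS seconds, scaled to 320px wide,
# COLSxROWS frames per sheet. OUTPATTERN should contain %02d (e.g. sheet_%02d.jpg)
# because a long movie yields more than one sheet.
contact_sheet() {
    movie=$1; out=$2; every=${3:-10}; grid=${4:-4x3}
    ffmpeg -loglevel error -i "$movie" \
        -vf "fps=1/$every,scale=320:-1,tile=$grid" -q:v 2 "$out"
}

# make_catalogue STILLSDIR [TITLE]   (writes HTML to stdout)
# Lists every .jpg in STILLSDIR as a thumbnail link plus its SHA-256.
make_catalogue() {
    dir=$1; title=${2:-Stills catalogue}
    printf '<html><head><title>%s</title></head><body><h1>%s</h1>\n' "$title" "$title"
    for f in "$dir"/*.jpg; do
        [ -e "$f" ] || continue            # no matches: the glob stays literal
        name=$(basename "$f")
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        printf '<div><a href="%s"><img src="%s" width="160"></a><br>%s<br><code>%s</code></div>\n' \
            "$name" "$name" "$name" "$sum"
    done
    printf '</body></html>\n'
}

# Typical run (commented out so the functions can be sourced):
#   extract_stills evidence.mp4 stills 10
#   contact_sheet  evidence.mp4 stills/sheet_%02d.jpg 10 4x3
#   make_catalogue stills "evidence.mp4" > stills/index.html
```

Hashing each still in the catalogue is cheap and means a later reviewer can show that the thumbnails they are looking at are the ones produced from the original file.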
dodginess,
SleuthKit and Autopsy Browser
gui and cmd disk imaging tool- rdd from NFI
dcfldd http://dcfldd.sourceforge.net/
pyflag http://pyflag.sourceforge.net/
and more 😉
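Whichever imaging tool from the list above you settle on, the step that makes the image usable as evidence is the same: hash the source, hash the image, and record both. The script below is an added example, not code from the thread or from any of the tools named; it uses only `dd` and `sha256sum` so it runs anywhere (dcfldd can do the hashing in the same pass with its `hash=` and `hashlog=` options). It images a file standing in for a device so it can be tried without hardware; the function names and the log layout are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread): raw-image a device (or, here, any file
# standing in for one) and prove the image matches the source.
# The source is only ever opened for reading; on real media it should sit
# behind a write blocker as the thread already suggests.

# image_device SOURCE IMAGE
# Copies SOURCE to IMAGE with dd. Unreadable blocks are zero-filled instead of
# dropped (conv=noerror,sync) so offsets in the image still line up with the
# device. bs must equal the device's sector size: conv=sync pads a short final
# block, so a bs larger than the sector size makes the image hash differ from
# the source hash even when every byte was read correctly.
# Writes IMAGE.log with dd's summary, both SHA-256 values and a verdict;
# returns 0 only when the hashes match.
image_device() {
    src=$1; img=$2; log=$img.log
    echo "started: $(date -u +%Y-%m-%dT%H:%M:%SZ)" > "$log"
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>>"$log" || return 1
    src_sum=$(sha256sum "$src" | cut -d' ' -f1)
    img_sum=$(sha256sum "$img" | cut -d' ' -f1)
    if [ "$src_sum" = "$img_sum" ]; then verdict=MATCH; else verdict=MISMATCH; fi
    {
        echo "source:  $src  sha256=$src_sum"
        echo "image:   $img  sha256=$img_sum"
        echo "verdict: $verdict"
        echo "finished: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
    } >> "$log"
    [ "$verdict" = MATCH ]
}

# verify_image IMAGE EXPECTED_SHA256
# Re-hashes an image later (before analysis, after copying it to another
# machine) and compares with the value recorded at acquisition time.
verify_image() {
    img=$1; expected=$2
    actual=$(sha256sum "$img" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Typical run (commented out so the functions can be sourced):
#   image_device /dev/sdb case01.dd && cat case01.dd.log
#   verify_image case01.dd <sha256 from case01.dd.log>
```

A mismatch is not always a tool failure: a source that was still mounted read-write, or a bs that does not match the sector size, are the usual causes, and the log keeps enough to tell the two apart.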
Make sure you check out Helix and FIRE. If you modify NTFS filesystems a lot give TrinityOS 3.2 a spin, it is not a forensic toolset distribution but a bootable Linux OS with Anti-Virus programs.
A couple of useful tools to have available are foremost or scalpel and glimpse (free for personal use). Even if you do not use Sleuthkit and Autopsy as previously mentioned, some of their utilities are very useful, especially SORTER.
A good place to look for tools is some of the Linux forensic CD sites. Most sites have a program listing with a short description for you to decide which programs to seek out and add to your own tool set. I am a Debian person (not a Debian clone), and where I was able to get source code I created Deb packages for my systems. Below are some links to the software lists on a few live Linux CDs used for incident response. Not all live Linux CDs are forensically sound in all aspects, so of course take caution. If you are installing as I do on your own system, you can take the necessary steps to build a good forensically sound kernel, or use hardware write protection.
Please, if anyone has other URLs, feel free to add.
* Check out asrdata's SMART evaluation CD. It also has some nice open source utilities on the live CD. SMART itself is not open source, just the accompanying utilities. If you have the money, SMART is very nice (it's pretty cheap).