From ForensicsWiki
Revision as of 03:12, 22 April 2007 by Simsong (Talk | contribs)

Jump to: navigation, search

Tool Name is LinEn, short for Linux Encase imager.


File Systems Understood

File Search Facilities

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?

Hash Databases

Can it create hashes of files and/or blocks? Can it compare these hash values to any databases? What sort of hash functions does it use?

It can calculate an MD5 hash.

Evidence Collection Features

Can it sign files? Does it keep an audit log?


License Notes

Linen is released under a proprietary license. It is included as part of the freely downloadable Helix live CD.

External Links

External Reviews