Difference between revisions of "Linux"

From ForensicsWiki
Jump to: navigation, search
(Links.)
(foremost.)
Line 11: Line 11:
 
The wide variety of useful Linux utilities exist for desktop computers can also be used on Linux-based PDAs.  These utilities can often be used as a part of the [[forensics investigation]] process.
 
The wide variety of useful Linux utilities exist for desktop computers can also be used on Linux-based PDAs.  These utilities can often be used as a part of the [[forensics investigation]] process.
  
== dd ==
+
== Tools ==
  
'''dd''', or duplicate disk, is a Unix and Linux utility that allows the user to create a bitstream image of a disk or device. Once the Linux-based PDA is connected to another device and the dd utility is run, the mirror image can be uploaded onto [[memory card]]s or even an external desktop workstation connected via a network. Images created by dd are readable by [[forensics software]] tools such as [[EnCase]] and [[Forensic Toolkit]]. Since the device uses a Linux [[filesystem]], the image may also be mounted and examined on a Linux workstation.
+
=== dd ===
 +
 
 +
'''[[dd]]''', or duplicate disk, is a Unix and Linux utility that allows the user to create a bitstream image of a disk or device. Once the Linux-based PDA is connected to another device and the dd utility is run, the mirror image can be uploaded onto [[memory card]]s or even an external desktop workstation connected via a network. Images created by dd are readable by [[forensics software]] tools such as [[EnCase]] and [[Forensic Toolkit]]. Since the device uses a Linux [[filesystem]], the image may also be mounted and examined on a Linux workstation.
 +
 
 +
=== foremost ===
 +
 
 +
'''[[foremost]]''' is a Linux based program data for [[Recovering_deleted_data|recovering deleted files]] and served as the basis for the more modern [[Scalpel]]. The program uses a configuration file to specify [[File_Formats|headers and footers]] to search for. Intended to be run on disk images, foremost can search through most any kind of data without worrying about the format.

Revision as of 19:04, 15 March 2006

Sharp Zaurus PDA.

Although fairly nascent and possessing a small market share in the world of PDA operating systems, Linux is quickly becoming a viable alternative to both Palm OS and Microsoft's Windows Mobile. Companies are quickly adopting Linux because of its open source nature and potential for cost savings.

The most ubiquitous Linux-based PDA is the Sharp Zaurus, which runs a Linux distribution called Embedix. The Zaurus features a StrongARM processor, 16MB of ROM, 64MB of RAM, and a 3.5in LCD display.

While the majority of PDAs do not ship with Linux preinstalled, it is possible to install the operating system on devices such as the HP iPaq and Dell Axim.

Forensics

The wide variety of useful Linux utilities exist for desktop computers can also be used on Linux-based PDAs. These utilities can often be used as a part of the forensics investigation process.

Tools

dd

dd, or duplicate disk, is a Unix and Linux utility that allows the user to create a bitstream image of a disk or device. Once the Linux-based PDA is connected to another device and the dd utility is run, the mirror image can be uploaded onto memory cards or even an external desktop workstation connected via a network. Images created by dd are readable by forensics software tools such as EnCase and Forensic Toolkit. Since the device uses a Linux filesystem, the image may also be mounted and examined on a Linux workstation.

foremost

foremost is a Linux based program data for recovering deleted files and served as the basis for the more modern Scalpel. The program uses a configuration file to specify headers and footers to search for. Intended to be run on disk images, foremost can search through most any kind of data without worrying about the format.