From ForensicsWiki
Revision as of 07:35, 22 February 2006 by Yale (Talk | contribs) (Added Forensics section, wrote dd section)

Jump to: navigation, search


Although fairly new in the PDA market, Linux is slowly becoming a prominent player in specialized mobile devices. As an alternative to the recently deceast Palm OS, and Microsoft's Windows Mobile, companies are picking up Linux because it's open source(a lot of possibilities), powerful, and inexpensive.

Many US PDA's do not natively support Linux. Usually Linux is installed next to the PDA's main OS through exploits or hacks. Japan, however, has begun to embrace Linux in their PDA products. Sharp's Zaurus line of PDA's exclusively uses Linux as its primary OS.


Due to the fact that plethora of useful Linux utilities exist for desktop computers, the same utilities can often be used on Linux based PDAs.


dd, or duplicate disk, is a Unix and Linux utility that allows the user to create a bitstream image of a disk or device. Once the Linux-based PDA is connected to another device and the dd utility is run, the mirror image can be uploaded onto memory cards or even an external desktop workstation connected via a network. Images created by dd are readable by forensics software tools such as EnCase and Forensic Toolkit. Since the device uses a Linux filesystem, the image may also be mounted and examined on a Linux workstation.