LinEn

From ForensicsWiki
Jump to: navigation, search

LinEn is a Linux version of the normally DOS based EnCase acquisition tool. It has roughly the same functionality as the DOS version.

Features

File Systems Understood

File Search Facilities

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?

Hash Databases

Can it create hashes of files and/or blocks? Can it compare these hash values to any databases? What sort of hash functions does it use?

It can calculate an MD5 hash.

Evidence Collection Features

Can it sign files? Does it keep an audit log?

History

License Notes

Linen is released under a proprietary license. It is included as part of the freely downloadable Helix live CD.

External Links

External Reviews