What is the de facto forensics Linux distro to use?
What is the agreed upon forensics Linux tool used for computer forensics in law enforcement?
Answer:
answers your question with Backtrack. However, you'll find that EnCase and FTK are more popular with LE. Backtrack is more accessible and should have the tools you need. EnCase and FTK, however, are not Linux distros. http://www.guidancesoftware.com/forensic.htm http://accessdata.com/products/computer-forensics/ftk
Ryan McGeehan at Quora
Other answers
Check out Backtrack: http://www.backtrack-linux.org/
Thyag Sundaramoorthy
There isn't one, though the SIFT workstation would probably be closest for law enforcement since it's put out by SANS (who trains law enforcement). The vast majority of American LE uses EnCase/FTK/both. Helix, Raptor, and Caine would probably be among the most popular live CD distros. I've always considered Backtrack to be heavier on the network intrusion side of things rather than traditional filesystem digital forensics. The distro itself isn't really relevant; they just provide the convenience of having many potentially useful tools in one place. The tools you're using matter to an extent, but more important is how you use them, test your findings, and produce evidence that's verifiable. Just because you use EnCase, FTK or the Linux distro du jour doesn't mean your findings won't be blown up in court.
Danny Aga
When running a forensic investigation against a machine that you know will be reviewed in a court of law, you want to use a tool that has a proven track record and has been vetted by the legal system. Using unproven/uncommon tools, while useful, may bring up the question of whether the said tool is trustworthy/reliable and can potentially cause problems. For this purpose (and others) a lot of organizations/LEs use EnCase or FTK. Other than that, there's no single tool for this type of job. Most people recognize The Sleuth Kit as a good go-to solution: http://www.sleuthkit.org/. For memory analysis, lots of people trust Volatility (http://code.google.com/p/volatility/).
Ryan Seu
Helix and DEFT are the best Linux distributions to use for forensics.
Ibrahim El-Sayed
In addition to Backtrack, Paladin and DEFT are also very useful Linux distributions.
Greg Outlaw