Forensic Analysis of Windows Hosts Using UNIX-based Tools
Many forensic examiners are introduced to UNIX-based forensic utilities when faced with investigating a UNIX-like operating system for the first time. They will use these utilities for this very specific task, because in many cases these tools are the only ones for the given job. For example, at the time of this writing, given a FreeBSD 5.x file system, the author's only choice is to use The Coroner's Toolkit running on FreeBSD 5.x. However, many of the same tools examiners use for the occasional UNIX-like system investigation are extremely capable when a Windows system is the target. Indeed, the Linux operating system itself can prove to be an extremely useful forensics platform with very little use of specialized forensics utilities at all.
- Research Organization: Nevada Operations Office, Las Vegas, NV (US)
- Sponsoring Organization: US Department of Energy (US)
- DOE Contract Number: DOE NNSA Nevada Site Office
- OSTI ID: 834156
- Report Number(s): DOENV2004-278; TRN: US200432%%21
- Journal Information: Digital Investigation, Vol. 1, Issue 3; Other Information: PBD: 19 Jul 2004
- Country of Publication: United States
- Language: English