News

- Version 3.21 released: 12 Dec 2007
- Version 3.20 released: 22 Oct 2007
- Linux LEO Goes Live: 22 Oct 2007

Documents

The Beginner's Guide v3.21 (PDF)
Readme File (txt)
Change log (txt)
ToDo List (txt)

Supplemental Files

Floppy Practice Image (practical.floppy.dd)
"Able2" Ext2 Disk Image (able2.tar.gz)
Practice Log Archive (logs.v3.tar.gz)
Raw Carving Practice (image_carve.raw)
NTFS Image (ntfs_pract.dd.gz)
NTFS E01 (EWF) Image (ntfs_pract.E01)
MD5 Checksums (md5sums.txt)

Community Resources

Linux Forensics (Yahoo Group)
Sleuthkit (Mail list)
SMART (Forum)
Forensic Focus (Forum)

Feedback

E-mail me: here

Welcome to Linux LEO

You have reached the home of the Law Enforcement and Forensic Examiner's Introduction to Linux. The guide has been around for a long time now, without any sort of permanent home. This Web site hopefully takes care of that.

The Purpose of this Site

This site is intended to be a simple online repository for documents (the guide and upcoming additions) that I've written to help members of the computer forensic community learn more about Linux and its potential as a forensic tool. This is NOT meant to be another "community portal" with forums and articles, etc. There are already plenty of those around (see "Resources" on the left). I've been asked plenty of times to open a forum or mail list for those with questions about the guide, but I don't have the time to administer such an undertaking, and I really feel more can be learned by visiting some of the already established resources. Having said that... feel free to e-mail me at any time with any questions, comments or flames. Feedback is exceedingly important to me. Positive or negative...

The Guide

The Law Enforcement and Forensic Examiner's Introduction to Linux, A Beginner's Guide is my repayment to the community. When I first started to learn how to use Linux as a forensic tool, I had help from plenty of people. I look at this guide as my way of continuing that spirit of sharing knowledge. The first version of the guide was written for a class I was asked to assist with in late 1999. This is now the third major revision, with many smaller unannounced updates in between. The structure and much of the content have remained the same.

About the Author

I am a Supervisory Criminal Investigator (Special Agent) with a Federal Agency of the US Government. I first started using Linux around 1993.

This Web site and the documents found here are my own work and do not reflect the views of or constitute official policy of any Federal Agency. This Web site is not approved or endorsed by the US Government.