Welcome to Linux LEO
You have reached the home of the Law Enforcement and Forensic Examiner's Introduction to Linux. The guide has been around for a long time now, without any sort of permanent home. This Web site hopefully takes care of that.
Recent News (December 2008)
As of December 8, 2008, there's another new version of the guide (3.78). The purpose of this release is mostly to account for changes in the latest version of the Sleuthkit (now at version 3.x). This resulted in some changed tool names and the removal of at least one exercise in the LinuxLEO guide to account for how the new version of Sleuthkit handles deleted files in NTFS (see the changelog). The guide is still just under 200 pages long.
The next version of this guide will be a major revision. It will actually be more of a book than a guide!
The Purpose of this Site
This site is intended to be a simple online repository for documents (the guide and upcoming additions) that I've written to help members of the computer forensic community learn more about Linux and its potential as a forensic tool. This is NOT meant to be another "community portal" with forums and articles, etc. There are already plenty of those around (see "Resources" on the left). I've been asked plenty of times to open a forum or mailing list for those with questions about the guide, but I don't have the time to administer such an undertaking, and I really feel more can be learned by visiting some of the already established resources. Having said that... feel free to e-mail me at any time with any questions, comments or flames. Feedback is exceedingly important to me. Positive or negative...
The Law Enforcement and Forensic Examiner's Introduction to Linux, A Beginner's Guide is my repayment to the community. When I first started to learn how to use Linux as a forensic tool, I had help from plenty of people. I look at this guide as my way of continuing that spirit of sharing knowledge. The first version of the guide was written for a class I was asked to assist with in late 1999. This is now the third major revision, with many smaller unannounced updates in between. The structure and much of the content have remained the same.
- Linux Installation Overview
- Distribution Choices
- Introduction to Disks, Partitions and File Systems
- Linux Boot Sequence (simplified)
- Linux Commands
- Introduction to vi (very basic!)
- Mounting File Systems
- Introduction to Linux Forensics - Standard Command Line Tools
- Advanced Linux Forensics Tools
- Overview of some Bootable Distros
About the Author
I am a Supervisory Criminal Investigator (Special Agent) with a Federal Agency of the US Government. I first started using Linux around 1993.
This Web site and the documents found here are my own work and do not reflect the views of or constitute official policy of any Federal Agency. This Web site is not approved or endorsed by the US Government.