As you know, SANS faculty members maintain two popular Linux distributions for performing DFIR work. The first, SIFT Workstation®, is created by Rob Lee and will help you to examine forensic artifacts related to file system, registry, memory, and network investigations. The second, REMnux®, is created by Lenny Zeltser and can be used for malware analysis and reverse-engineering.
Both toolkits are free and available at SANS website. Here is a fresh poster which will help you to get started:
DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.
