Below is a list of digital forensics resources for Linux. I especially enjoyed reading Luis Rocha’s intro guide to Linux Forensics (#19).
- VirusTotal – Free Online Virus, Malware and URL Scanner
- TSK Tool Overview – SleuthKitWiki
- The Sleuth Kit
- Taking advantage of Ext3 journaling file system in a forensic investigation
- SANS Digital Forensics and Incident Response Blog – Understanding EXT4 (Part 1): Extents – SANS Institute
- SANS Digital Forensics and Incident Response Blog – Understanding EXT4 (Part 2): Timestamps – SANS Institute
- SANS Digital Forensics and Incident Response Blog – Understanding EXT4 (Part 3): Extent Trees – SANS Institute
- SANS Digital Forensics and Incident Response Blog – Understanding EXT4 (Part 4): Demolition Derby – SANS Institute
- SANS Digital Forensics and Incident Response Blog – Understanding EXT4 (Part 5): Large Extents – SANS Institute
- SANS Digital Forensics and Incident Response Blog – How To – Digital Forensics Copying A VMware VMDK – SANS Institute
- SANS Digital Forensics and Incident Response Blog – Blog – SANS Institute
- qemu-img(1): QEMU disk image utility – Linux man page
- qemu-img for Windows – Cloudbase Solutions
- National Software Reference Library (NSRL) – NIST
- ltrace – Wikipedia
- Logical Volume Manager (204.3)
- Linux/Unix and Computer Security Resources – Hal Pomeranz – Deer Run Associates
- The Law Enforcement and Forensic Examiner’s Introduction to Linux
- Intro to Linux Forensics – Count Upon Security
- https://www.kernel.org/doc/Documentation/filesystems/ext4.txt
- GitHub – log2timeline/plaso: Super timeline all the things
- Filesystem Hierarchy Standard
- Digital Forensics – SuperTimeline & Event Logs – Part I – Count Upon Security
- Digital Forensics – NTFS Metadata Timeline Creation – Count Upon Security
- Digital Forensics – Evidence Acquisition and EWF Mounting – Count Upon Security
- chkrootkit — locally checks for signs of a rootkit