Digital Evidence and Computer Crime, Second Edition
11.8 Summary
Given the large number of UNIX systems that exist, it is necessary for digital evidence examiners to be familiar with UNIX file systems. Although UNIX may appear to be more complex than Windows, this is largely because many operations involve commands rather than a graphical user interface. However, UNIX systems are arguably easier to understand because they are more transparent: their configuration and functions are plainly visible, and it is even possible to view the source code of many UNIX operating systems and utilities.
Linux is a powerful forensic platform that can be used to examine many file systems, including FAT and NTFS. Tools like The Sleuth Kit and SMART provide a graphical user interface, simplifying the process of performing digital evidence examinations using UNIX systems.