Building a Linux based Digital Forensic workflow – Introduction

For the whole time that I’ve been doing Digital Forensics, I’ve been using Windows for it. This seriously irks me ! I’ve been in love with open source / free software since I installed my first Linux box at University. The original reason for the install was to avoid having to walk to the CS/AI labs in winter, in Edinburgh. I like being warm and dry as much as the next person – something that doesn’t happen often outside in Scotland in Winter. Linux emulated the SunOS / IRIX environment well enough that I could carry out my C / Prolog work without hypothermia.

Since then, I’ve always had _at least_ one Linux machine running at any one point in time – but since I stopped being a UNIX SysAdmin and started being a Security / Forensics Consultant, usually not as my main machine. I tried for a while to assuage my guilt by using Macs – well documented below – ‘cos at least they are “UNIX” machines when running OS X. Windows though has been an ever present thorn in my side, firstly for the running of proprietary forensic tools ( Oxygen, XWays Forensics & other odds and ends ), secondly for the running of games ( I don’t play many, but enough … ) and finally for the suite that is Office – something that has been required day-in-day-out for far, far too long …

Until now, I haven’t actually _tried_ to get rid of it though – having enough bits of hardware around to run Windows, MacOS and Linux both physically and in virtualised environments has meant that I don’t need to do it. The gnawing feeling that this is wrong has been exacerbated by tuning into a number of Linux podcasts ( I recommend Jupiter Broadcasting, Linux Action Show and Linux Unplugged ) and this had drawn to my attention that perhaps Linux is now “desktop ready”. And now Steam ( at least in theory ) works on Linux for some games in my library ( Bioshock Infinite ), there really is no excuse any longer.

This is it, I’m biting the bullet and removing Microsoft and Apple from my day-to-day workflow – for _everything_ forensics, security, documents, e-mails, IM/VoIP, games, calendar, phone synchronisation (but not phones themselves – I am aware of the Ubuntu phone and may make the switch at some point, but for now my iPhone remains) etc. etc. etc.

I think that there are some things that won’t be straightforward, I’ll admit that up front – but I sincerely hope that the Open Source Eco-System has solutions to all problems, and I’m not unwilling to dust of the few coding skills that I have in order to get to the end goal.

More to follow as this progresses …

