This page has information on a presentation that I gave at the Black Hat Briefings in 2003 entitled "Forensics with Linux 101 or How to do Forensics for Free".  The slides are available from this site or are archived on the Black Hat web site. 

Black Hat also provides a wonderful service to the community in free RealAudio and RealVideo of past presentations.  The links to my presentation are below, if you would like to see more past Black Hat presentations, go to the Black Hat Media Archives. 

My slides: On Black Hat Site or Local Copy in the Attachments Below

Real Audio of the presentation: On Black Hat Site

Real Video of my presentation: On Black Hat Site

Extra tools and documents from my presentation: On Black Hat Site

To view the audio or video you will need the free RealPlayer.
To view the slides you will need a PDF reader such as the free Adobe Acrobat Reader.

---

Here are a couple sites of interest on Linux Forensics if you are looking for more informaiton:

• Yahoo! Linux Forensics Group (mailing list) - http://groups.yahoo.com/group/linux_forensics/
• Sleuthkit Linux Forensics Package Home Page - http://www.sleuthkit.org/
• Linux Forensics Links and Tools, including the Penguin Sleuth Bootable Linux CD designed for Forensics - http://www.linux-forensics.com/