I couldn't resist. This board has stood here empty for so long, I thought I'd at least post in it. So this post isn't just filler, though, I thought I'd add a link to Brian's well-distributed paper regarding this topic. Here ya go...
> Open Source Digital Forensics Tools - The Legal Argument
Free and Open Source Software (FOSS) seems to be all over related news these days and I'm glad to finally see that it's taking a more appropriate place in the examiner's toolkit. As Autopsy itself demonstrates, FOSS forensics isn't all about us weird Linux freaks with our command lines and custom kernels, but can equally be a full-blown GUI tool on a Windows workstation. There are lots of compelling reasons to choose FOSS for any sort of computing, but I think Brian's paper really identifies the reasons examiners should consider it. More than that, it helps those of us who deal with case agents or administrators or prosecutors who seem to think that if your case doesn't have an EnCase or FTK report in it somewhere, then it's not complete, not forensic, or not accurate. I think we should stand our ground and strive to educate and inform these people that it's the evidence we're after, not a recipe that may have worked for them in the past which happens to include a few pages with a particular logo printed at the top. Brian's paper gives us the logic to make those arguments intelligently and comprehensively.
/End of rant and hope it helps
Hoyt
