News

-Version 4.97: Aug 2023
-Version 4.96: Sept 2022
-Version 4.95.1: Sept 2021
-Version 4.94: Sept 2020
-Version 4.93: Apr 2020
-Version 4.92: Oct 2019
-Version 4.91: Sept 2019
-Version 4.33: Jun 2018
-Version 4.31: Nov 2017
-Version 4.30: Sept 2017
-Version 3.78: Dec 2008
-Version 3.65: Sept 2008
-Version 3.21: Dec 2007
-Version 3.20: Oct 2007
-Linux LEO Goes Live: 22 Oct 2007

Documents

The Beginner's Guide v4.97 (PDF)
Readme File (txt)
Change log (txt)

Supplemental Files

GPT Partition Image (gptimage.raw.gz)
Fat File System Image (fat_fs.raw)
"Able2" Ext2 Disk Image (able2.tar.gz)
"Able3" Ext4 Disk Image (able_3.tar.gz)
Practice Log Archive (logs.v3.tar.gz)
Carve Image (image_carve_2017.raw)
NTFS Image (ntfs_Pract_2017_E01.tar.gz)
SHA1 Checksums (sha1.txt)

Community Resources

Linux Forensics (Yahoo Group)
Sleuthkit (Mail list)
Sleuthkit/Autopsy forum (Discourse)
LinuxQuestions.org (Linux Forums)
Forensic Focus (Forum)

Slackware Information

The Slackbook (slackbook.org)
LinuxQuestions.org (Slackware Forum)
Robby Workman's Pages (rlworkman.net)
SlackBuilds Software (SlackBuilds.org)

Feedback

E-mail: here

Welcome to Linux LEO

You have reached the home of the Law Enforcement and Forensic Examiner's Introduction to Linux, a Comprehensive Practitioner's guide to Linux as a Computer Forensic Platform.

News

August of 2023. Version 4.97 is uploaded. This will likely be the last of the version that will be published as a standalone PDF. I will be migrating to an html/online version with options for PDF and (hopefully) EPUB as well. Most likely this will come after the current academic semester.

September of 2021. I've uploaded a maintenance version with typo corrections and a few terminology updates to keep changes in Slackware. I know the content for YouTube has been a long time coming - I'm waiting for a reason. There are some looming changes that will spur the release. The videos will mean to be a companion to this guide (with some extras thrown in). Thanks for the patience.

2020 (April) is here. The latest update to the Guide is posted and work continues on the YouTube channel (I appreciate the patience). I'm trying to get a full set of useful videos loaded at once so everyone can see something of interest. The first set will concentrate on demonstrating the existing LinuxLEO exercises. Other subject matter will be introduced later. Stay tuned!

2019: We are now into October of 2019. The updates to the guide are a little more regular now. I'm teaching regularly and this has provided some good motivation for keeping things updated. The YouTube channel is still empty, but time permitting, I'll be uploading the videos very soon. I appreciate the patience. Any feedback on the document is most welcome.

As always, I'm open to comments and suggestions. At over 300 pages, the guide will likely have some typos and errors. I don't have an Editor, just a few kindly souls that volunteer their time to help find my mistakes. We all miss some along the way - don't be shy!

Old News

YouTube Channel

Videos will be periodically produced and put up on YouTube. Some will be on basic installation and configuration of Linux, with emphasis (where applicable) on forensic deployment. Others will be basic demonstrations of the material and exercises covered in the guide for those that want some visual "walk through" assistance. Sparse for now, more content will be added. Subscribe to be notified!

You can reach the YouTube Channel through this link --> LinuxLEO YouTube. Or use the button below to subscribe.

The Purpose of this Site

This site is intended to be a simple on line repository for the guide document I've written to assist members of the computer forensic community learn more about Linux and its potential as a forensic tool. This is NOT meant to be another "community portal" with forums and articles, etc. There's already plenty of those around (see "Resources" on the left). Feel free to e-mail me at any time with any questions, comments or flames. Feedback is exceedingly important to me. Positive or negative...

The Guide

The Law Enforcement and Forensic Examiner's Introduction to Linux is my repayment to the community. When I first started to learn how to use Linux as a forensic tool, I had help from plenty of people. I look at this guide as my way of continuing that spirit of sharing knowledge. The first version of the guide was written for a class I was asked to assist with in late 1999. This is now the fourth major revision.

About the Author

I am a Senior Criminal Investigator (Special Agent) with a Federal Agency of the US Government. I first started using Linux around 1993.

This Web site and the documents found here are my own work and do not reflect the views of or constitute official policy of any Federal Agency. This Web site is not approved or endorsed by the US Government.