Welcome to SPADA (System Preview And Data Acquisition) from Peter Kingsley and Darren Freestone.
A former boss of mine, back in the days when DOS was the state-of-the-art analysis tool, told me he dearly wanted to write his own forensic operating system.
His requirements were:
· A file system that allows fast read/write, as near as possible to raw hardware input/output speeds.
· Be robust and easily modified.
· Not write to every piece of media attached to the computer, and not mount it by default.
· Allow read-only access, with applications that permit low-level access to data for analysis.
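One check a practitioner would want for the last two requirements, added here as an example and not part of SPADA or the original text: a small POSIX shell audit that reads a mount table in /proc/mounts format and flags any block device that is mounted without the `ro` option. The sample mount table below is constructed for the example; on a live boot environment you would pass the contents of /proc/mounts instead.

```shell
# Added example (not SPADA code): audit a mount table in /proc/mounts format and
# report every /dev/* block device whose mount options do not include "ro".
# SAMPLE_MOUNTS is a constructed sample; on a real system use: cat /proc/mounts

SAMPLE_MOUNTS='/dev/sr0 / iso9660 ro,relatime 0 0
/dev/sda1 /mnt/evidence ext4 ro,noatime,noexec 0 0
/dev/sdb1 /mnt/usb vfat rw,relatime,uid=1000 0 0
tmpfs /tmp tmpfs rw,nosuid 0 0'

# rw_block_mounts MOUNT_TABLE
# Prints "device mountpoint" for each /dev/* entry (field 1) whose option
# list (field 4) lacks an exact "ro" token. Pseudo filesystems such as tmpfs
# are ignored because they are not evidence media.
rw_block_mounts() {
    printf '%s\n' "$1" | awk '$1 ~ /^\/dev\// {
        n = split($4, opts, ",")
        ro = 0
        for (i = 1; i <= n; i++) if (opts[i] == "ro") ro = 1
        if (!ro) print $1, $2
    }'
}

# check_readonly MOUNT_TABLE
# Returns 0 when every block device is mounted read-only, 1 otherwise,
# listing the offending mounts on stderr.
check_readonly() {
    offenders=$(rw_block_mounts "$1")
    if [ -n "$offenders" ]; then
        printf 'writable block device mounts found:\n%s\n' "$offenders" >&2
        return 1
    fi
    return 0
}

# Usage on the constructed sample (exit status reflects the result):
check_readonly "$SAMPLE_MOUNTS"
```

The awk program matches the `ro` token exactly rather than as a substring, so options such as `errors=remount-ro` do not produce a false pass. Run it before touching any attached media and again after the examination to confirm nothing was remounted writable in between.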
Some time after this conversation it dawned on me that the open-source UNIXes already met these requirements, in particular a variant called FreeBSD (Linux back then had some limitations). So we developed tools and methodologies based around FreeBSD.
So, 10 years on, I am happy to say Linux has matured, and we have now been using Linux for over two years as a valuable tool for forensic work.
SPADA is a Linux boot CD built as a KNOPPIX remaster that incorporates the features we have found beneficial in our work. It also includes a number of custom tools developed for law enforcement.