There are many Linux distributions readily available. This, however, should not
stop you from creating your own version of a UNIX forensic tools disc. Whether
you are on Solaris, HP-UX or any other variety of UNIX, it is simple to create a
forensic tools CD that can go between systems. The added benefit of this method
is that the tools do not need to be left on the production server. Leaving them
there could in itself be a security risk, and the ability to unmount the CD and
take it with you increases security.

The ability to create a customized CD for your individual system means that
the analyst can have their tools available for any UNIX system that they need to
work with. It may also be possible to create a universal forensic CD. Using
statically linked binaries, a single DVD or CD could be created with separate
directories for every UNIX variety in use in the organization that you are
working in. For instance, the same CD could contain a directory called
“/Solaris”, which would act as the base directory for all Solaris tools.
Similarly, base directories for Linux (/Linux), HP-UX (/HPUX10, /HPUX9) and any
other variety of UNIX in use in your organization could be included on the same
distribution, allowing you to take one disc with you and still be ready at all
times.
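
One way to use the per-platform layout described above, as an added example that
is not part of the original text: a shell helper that maps uname output to the
disc's base directory and builds a PATH containing only the disc's tools. The
mount point /mnt/cdrom, the bin subdirectory under each base directory and the
function names are assumptions.

```shell
#!/bin/sh
# Added example: select the per-OS tool directory on a multi-platform
# forensic disc laid out as /Solaris, /Linux, /HPUX10, /HPUX9.
# Assumptions: the disc is mounted at a path passed in by the analyst and
# each base directory keeps its statically linked tools in bin/.

# Map `uname -s` ($1) and `uname -r` ($2) to the base directory name.
# Returns non-zero for a platform the disc does not carry, so the caller
# stops instead of silently running tools from the examined system.
toolkit_dir() {
    os=$1
    rel=$2
    case "$os" in
        SunOS) echo "Solaris" ;;
        Linux) echo "Linux" ;;
        HP-UX)
            # HP-UX releases look like B.10.20 or A.09.05
            case "$rel" in
                *.10.*) echo "HPUX10" ;;
                *.09.*) echo "HPUX9" ;;
                *) return 1 ;;
            esac ;;
        *) return 1 ;;
    esac
}

# Build a PATH made up only of the disc's directory for this platform.
# No directory of the system under examination is included, so a command
# typed by name resolves to the disc's copy or fails.
toolkit_path() {
    mount=$1
    dir=$(toolkit_dir "$2" "$3") || return 1
    echo "$mount/$dir/bin"
}

# Usage on the system under examination, after mounting the disc:
#   PATH=$(toolkit_path /mnt/cdrom "$(uname -s)" "$(uname -r)") || exit 1
#   export PATH
```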